Bug 156796

Summary:

Use Optional<size_t> for OrderIterator::m_orderIndex instead of int

Product:

WebKit

Reporter:

Chris Dumez <cdumez>

Component:

Layout and Rendering

Assignee:

Chris Dumez <cdumez>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

andersca, commit-queue, darin, ddkilzer, esprehn+autocc, glenn, kondapallykalyan, sam, simon.fraser, zalan

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

See Also:

https://bugs.webkit.org/show_bug.cgi?id=156804

Attachments:

Description	Flags
Patch	none

Chris Dumez

Reported 2016-04-20 10:47:32 PDT

Use Optional<size_t> for OrderIterator::m_orderIndex instead of int (with invalid value of -1). m_orderIndex a vector index and therefore is in the range of an unsigned (type used internally by Vector, even though the index is exposed as size_t). Therefore, assigning it to an int is unsafe as it may overflow. This may fix <rdar://problem/23410338> which is a top crasher.

Attachments
Patch (3.35 KB, patch) 2016-04-20 10:57 PDT, Chris Dumez	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Chris Dumez

Comment 1 2016-04-20 10:57:13 PDT

Created attachment 276832 [details] Patch

WebKit Commit Bot

Comment 2 2016-04-20 14:07:19 PDT

Comment on attachment 276832 [details] Patch Clearing flags on attachment: 276832 Committed r199785: <http://trac.webkit.org/changeset/199785>

WebKit Commit Bot

Comment 3 2016-04-20 14:07:24 PDT

All reviewed patches have been landed. Closing bug.

David Kilzer (:ddkilzer)

Comment 4 2016-04-22 04:29:47 PDT

<rdar://problem/23410338>

Note You need to log in before you can comment on or make changes to this bug.