| Summary: | Avoid corrupting the hashmap and subsequent nullptr deref by checking that the LayoutUnit is not a deleted value. | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | John Cunningham <johncunningham> |
| Component: | New Bugs | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED CONFIGURATION CHANGED | | |
| Severity: | Normal | CC: | cmarcelo, ews-watchlist, fred.wang, jamesr, luiz, simon.fraser, tonikitoo, webkit-bug-importer, wenson_hsieh, youennf |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
Description
John Cunningham
2021-10-29 15:19:33 PDT
Created attachment 442872 [details]
Patch
Created attachment 442873 [details]
Patch
Comment on attachment 442873 [details] Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=442873&action=review

> Source/WebCore/ChangeLog:8
> + No new tests (OOPS!).

Can a test be added for this?

Created attachment 443134 [details]
Patch
Comment on attachment 443134 [details] Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=443134&action=review

It looks like the newly added test is failing on test runners.

> Source/WebCore/page/scrolling/ScrollSnapOffsetsInfo.cpp:291
> + if (offsets.isValidKey(newOffset)) {

Nit - we generally prefer early returns over multiline if statements like this.

Created attachment 443260 [details]
Patch
This patch is no longer necessary, closing bug.
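
The failure mode named in the bug summary, shown in a simplified model as an added example: this is not the attached patch or WebKit's hash table code. The table layout, the sentinel values and every name other than `isValidKey` are assumptions made for illustration.

```cpp
#include <array>
#include <climits>
// Constructed model, not WebKit code: two key values are reserved as slot markers.
constexpr int kEmpty = INT_MIN;        // slot never used
constexpr int kDeleted = INT_MIN + 1;  // tombstone left by a removal
constexpr unsigned kCapacity = 8;

struct OffsetTable {
    std::array<int, kCapacity> keys, values;
    unsigned liveCount = 0;
    OffsetTable() { keys.fill(kEmpty); values.fill(0); }
    static bool isValidKey(int key) { return key != kEmpty && key != kDeleted; }
    // No validation: a reserved value is written into a slot as if it were data.
    void addUnchecked(int key, int value) {
        unsigned i = static_cast<unsigned>(key) % kCapacity;
        while (isValidKey(keys[i]) && keys[i] != key)
            i = (i + 1) % kCapacity;
        if (keys[i] != key) ++liveCount;
        keys[i] = key;
        values[i] = value;
    }
    // Guarded insert: early return before a reserved value reaches a slot.
    bool addChecked(int key, int value) {
        if (!isValidKey(key)) return false;
        addUnchecked(key, value);
        return true;
    }
    // Lookup skips tombstones and stops at the first never-used slot.
    const int* find(int key) const {
        unsigned i = static_cast<unsigned>(key) % kCapacity;
        for (unsigned n = 0; n < kCapacity; ++n, i = (i + 1) % kCapacity) {
            if (keys[i] == kEmpty) return nullptr;
            if (keys[i] != kDeleted && keys[i] == key) return &values[i];
        }
        return nullptr;
    }
};

// Demos: the unchecked insert is counted yet unreachable by find(); the guard rejects it.
bool uncheckedInsertLosesEntry() {
    OffsetTable t;
    t.addUnchecked(kDeleted, 7);
    return t.liveCount == 1 && t.find(kDeleted) == nullptr;
}
bool checkedInsertStaysConsistent() {
    OffsetTable t;
    return !t.addChecked(kDeleted, 7) && t.addChecked(120, 7) && t.find(120) != nullptr;
}
int main() { return uncheckedInsertLosesEntry() && checkedInsertStaysConsistent() ? 0 : 1; }
```

A caller that dereferences the result of `find()` right after the unchecked insert hits the null pointer, which is why the guard belongs before the insert rather than at the lookup.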