Bug 256165

Summary: UBSan: RenderObjects sets height to number that doesn't fit in an integer
Product: WebKit Reporter: Seija K. <gfunni234>
Component: WebCore Misc.Assignee: Nobody <webkit-unassigned>
Status: NEW    
Severity: Normal CC: webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   

Seija K.
Reported 2023-05-01 08:57:40 PDT
If geometries has size 0 or whenever working on the first geometry, the height can be set to INT_MAX - INT_MIN, which cannot fit in a signed integer. We need to avoid this by specializing those cases.
Attachments
Add attachment proposed patch, testcase, etc.
Seija K.
Comment 1 2023-05-01 09:01:20 PDT
Pull request: https://github.com/WebKit/WebKit/pull/13329
Radar WebKit Bug Importer
Comment 2 2023-05-08 08:58:19 PDT
<rdar://problem/109041952>
Note You need to log in before you can comment on or make changes to this bug.