WebKit Bugzilla
RESOLVED FIXED
17543
FixedTableLayout::layout() corrupts the heap
https://bugs.webkit.org/show_bug.cgi?id=17543
Ojan Vafai
Reported
2008-02-25 17:21:06 PST
If a table is fixed layout and its children are set to display:none, FixedTableLayout::layout() corrupts the heap (FixedTableLayout.cpp:288).
Attachments
Corrupts heap. Hits assert in debug mode. (197 bytes, text/html), 2008-02-25 17:22 PST, Ojan Vafai
Ojan Vafai
Comment 1
2008-02-25 17:22:06 PST
Created attachment 19363: Corrupts heap. Hits assert in debug mode.
Maciej Stachowiak
Comment 2
2008-02-25 17:24:04 PST
Heap corruption is a potential security issue but not flagging as such since we don't have an exploit.
Mark Rowe (bdash)
Comment 3
2008-02-25 18:12:51 PST
<rdar://problem/5764927>
Dave Hyatt
Comment 4
2008-03-03 11:55:49 PST
Fixed in r30716.