Bug 180850 - Inconsistent section grid could lead to CrashOnOverflow
Summary: Inconsistent section grid could lead to CrashOnOverflow
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Layout and Rendering (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: zalan
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2017-12-14 16:48 PST by zalan
Modified: 2017-12-14 20:22 PST (History)
4 users (show)

See Also:

Attachments
Patch (5.49 KB, text/plain)
2017-12-14 18:56 PST, zalan 		no flags Details
Patch (5.47 KB, patch)
2017-12-14 19:04 PST, zalan 		no flags Details | Formatted Diff | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description zalan 2017-12-14 16:48:47 PST 
rdar://problem/34064811
Comment 1 Simon Fraser (smfr) 2017-12-14 16:55:27 PST 
CSS overflow or numeric overflow?
Comment 2 zalan 2017-12-14 18:56:57 PST 
Created attachment 329434 [details]
Patch
Comment 3 zalan 2017-12-14 19:04:26 PST 
Created attachment 329436 [details]
Patch
Comment 4 Simon Fraser (smfr) 2017-12-14 19:48:39 PST 
Comment on attachment 329436 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=329436&action=review

> Source/WebCore/rendering/RenderTableSection.cpp:1390
> +    auto maximumNumberOfColumns = table()->numEffCols();

Seems like maybe table() should return a reference?
Comment 5 zalan 2017-12-14 20:02:25 PST 
(In reply to Simon Fraser (smfr) from comment #4)
> Comment on attachment 329436 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=329436&action=review
> 
> > Source/WebCore/rendering/RenderTableSection.cpp:1390
> > +    auto maximumNumberOfColumns = table()->numEffCols();
> 
> Seems like maybe table() should return a reference?
It would result in null deref when the section is detached.
Comment 6 WebKit Commit Bot 2017-12-14 20:22:50 PST 
Comment on attachment 329436 [details]
Patch

Clearing flags on attachment: 329436

Committed r225960: <https://trac.webkit.org/changeset/225960>
Comment 7 WebKit Commit Bot 2017-12-14 20:22:51 PST 
All reviewed patches have been landed.  Closing bug.