RESOLVED FIXED 180850
Inconsistent section grid could lead to CrashOnOverflow 
https://bugs.webkit.org/show_bug.cgi?id=180850
Summary Inconsistent section grid could lead to CrashOnOverflow
zalan
Reported 2017-12-14 16:48:47 PST
rdar://problem/34064811
Attachments
Patch (5.49 KB, text/plain)
2017-12-14 18:56 PST, zalan 		no flags
Details
Patch (5.47 KB, patch)
2017-12-14 19:04 PST, zalan 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Simon Fraser (smfr)
Comment 1 2017-12-14 16:55:27 PST
CSS overflow or numeric overflow?
zalan
Comment 2 2017-12-14 18:56:57 PST
Created attachment 329434 [details] Patch
zalan
Comment 3 2017-12-14 19:04:26 PST
Created attachment 329436 [details] Patch
Simon Fraser (smfr)
Comment 4 2017-12-14 19:48:39 PST
Comment on attachment 329436 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=329436&action=review > Source/WebCore/rendering/RenderTableSection.cpp:1390 > + auto maximumNumberOfColumns = table()->numEffCols(); Seems like maybe table() should return a reference?
zalan
Comment 5 2017-12-14 20:02:25 PST
(In reply to Simon Fraser (smfr) from comment #4) > Comment on attachment 329436 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=329436&action=review > > > Source/WebCore/rendering/RenderTableSection.cpp:1390 > > + auto maximumNumberOfColumns = table()->numEffCols(); > > Seems like maybe table() should return a reference? It would result in null deref when the section is detached.
WebKit Commit Bot
Comment 6 2017-12-14 20:22:50 PST
Comment on attachment 329436 [details] Patch Clearing flags on attachment: 329436 Committed r225960: <https://trac.webkit.org/changeset/225960>
WebKit Commit Bot
Comment 7 2017-12-14 20:22:51 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.