200744 – Don't use union to store NodeRareData* and RenderObject*

Bug 200744 - Don't use union to store NodeRareData* and RenderObject*

Summary: Don't use union to store NodeRareData* and RenderObject*

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	DOM (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Ryosuke Niwa

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2019-08-14 17:00 PDT by Ryosuke Niwa
Modified:	2020-09-02 11:22 PDT (History)
CC List:	13 users (show)

See Also:	216069

Attachments
WIP - simple patch (6.61 KB, patch) 2019-08-14 17:00 PDT, Ryosuke Niwa	no flags	Details \| Formatted Diff \| Diff
WIP2 (29.50 KB, patch) 2019-08-15 01:05 PDT, Ryosuke Niwa	no flags	Details \| Formatted Diff \| Diff
WIP3 (29.20 KB, patch) 2019-08-15 01:33 PDT, Ryosuke Niwa	no flags	Details \| Formatted Diff \| Diff
Patch (40.14 KB, patch) 2019-08-15 15:21 PDT, Ryosuke Niwa	koivisto: review+	Details \| Formatted Diff \| Diff
Show Obsolete (3) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Ryosuke Niwa 2019-08-14 17:00:13 PDT

Don't use union for NodeRareData* and RenderObject*. That can lead to type confusion bugs.

Comment 1 Ryosuke Niwa 2019-08-14 17:00:35 PDT

Created attachment 376334 [details]
WIP - simple patch

Comment 2 Ryosuke Niwa 2019-08-15 01:05:05 PDT

Created attachment 376367 [details]
WIP2

Compensating the size increase of Node by moving some element flags to Node. Somehow this causes focus within tests to fail. I can't spot a bug anywhere...

Comment 3 Ryosuke Niwa 2019-08-15 01:06:53 PDT

Comment on attachment 376367 [details]
WIP2

View in context: https://bugs.webkit.org/attachment.cgi?id=376367&action=review

> Source/WebCore/dom/Node.h:541
> +        StyleAffectedByFocusWithinFlag = 1 < 11,

Ugh... what a stupid bug. I need <<, not <.

Comment 4 Ryosuke Niwa 2019-08-15 01:33:39 PDT

Created attachment 376369 [details]
WIP3

Comment 5 Ryosuke Niwa 2019-08-15 15:21:24 PDT

Created attachment 376431 [details]
Patch

Comment 6 Ryosuke Niwa 2019-08-16 17:41:06 PDT

Committed r248807: <https://trac.webkit.org/changeset/248807>

Comment 7 Radar WebKit Bug Importer 2019-08-16 17:42:17 PDT

<rdar://problem/54415130>