RESOLVED FIXED 290898
Stale float state caused by 'content visibility' may lead to ASSERT in addFloatsToNewParent
https://bugs.webkit.org/show_bug.cgi?id=290898
alan
Reported 2025-04-01 19:37:56 PDT
Attachments
Patch (2.09 KB, patch)
2025-04-01 20:03 PDT, alan
no flags
Patch (2.75 KB, patch)
2025-04-02 05:37 PDT, alan
no flags
Patch (2.75 KB, patch)
2025-04-02 06:08 PDT, alan
no flags
[fast-cq]Patch (4.34 KB, patch)
2025-04-02 09:13 PDT, alan
no flags
Patch (5.58 KB, patch)
2025-04-18 15:58 PDT, alan
no flags
[fast-cq]Patch (5.58 KB, patch)
2025-04-18 16:02 PDT, alan
no flags
alan
Comment 1 2025-04-01 20:03:33 PDT
alan
Comment 2 2025-04-01 20:03:58 PDT
(needs test case)
alan
Comment 3 2025-04-02 05:37:03 PDT
alan
Comment 4 2025-04-02 06:08:04 PDT
alan
Comment 5 2025-04-02 09:13:06 PDT
Created attachment 474807 [details] [fast-cq]Patch
EWS
Comment 6 2025-04-02 15:06:15 PDT
Committed 293119@main (cab087edfb44): <https://commits.webkit.org/293119@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 474807 [details].
Sammy Gill
Comment 7 2025-04-17 10:26:07 PDT
Reopened Bugzilla. Possible UAF in FloatingObjects, tracking revert in https://bugs.webkit.org/show_bug.cgi?id=291691.
alan
Comment 8 2025-04-18 15:58:42 PDT
alan
Comment 9 2025-04-18 16:02:48 PDT
Created attachment 474959 [details] [fast-cq]Patch
EWS
Comment 10 2025-04-19 05:21:41 PDT
Committed 293889@main (68742b8cd041): <https://commits.webkit.org/293889@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 474959 [details].