[webkit-changes] cvs commit: WebCore/khtml/rendering render_table.cpp render_table.h

Tue Oct 25 15:26:30 PDT 2005

bdakin      05/10/25 15:26:30

  Modified:    .        ChangeLog
               .        ChangeLog
               khtml/rendering render_table.cpp render_table.h
  Added:       fast/table giantRowspan-expected.checksum
                        giantRowspan-expected.png giantRowspan-expected.txt
                        giantRowspan.html
  Log:
  
  
  Revision  Changes    Path
  1.56      +10 -0     LayoutTests/ChangeLog
  
  Index: ChangeLog
  ===================================================================
  RCS file: /cvs/root/LayoutTests/ChangeLog,v
  retrieving revision 1.55
  retrieving revision 1.56
  diff -u -r1.55 -r1.56
  --- ChangeLog	25 Oct 2005 20:56:02 -0000	1.55
  +++ ChangeLog	25 Oct 2005 22:26:25 -0000	1.56
  @@ -1,3 +1,13 @@
  +2005-10-25  Beth Dakin  <bdakin at apple.com>
  +
  +        Layout test for <rdar://problem/4148730> SureSec si#182 safari heap overflow
  +	The fix is in WebCore.
  +
  +        * fast/table/giantRowspan-expected.checksum: Added.
  +        * fast/table/giantRowspan-expected.png: Added.
  +        * fast/table/giantRowspan-expected.txt: Added.
  +        * fast/table/giantRowspan.html: Added.
  +
   2005-10-25  Vicki Murley  <vicki at apple.com>
   
   	- updated results for <rdar://problem/4288276> DOM tests expect hierarchy exception 
  
  
  
  1.1                  LayoutTests/fast/table/giantRowspan-expected.checksum
  
  Index: giantRowspan-expected.checksum
  ===================================================================
  7b5e25efee371d484d61886ee4c7b035
  
  
  1.1                  LayoutTests/fast/table/giantRowspan-expected.png
  
  	<<Binary file>>
  
  
  1.1                  LayoutTests/fast/table/giantRowspan-expected.txt
  
  Index: giantRowspan-expected.txt
  ===================================================================
  layer at (0,0) size 800x600
    RenderCanvas at (0,0) size 800x600
  layer at (0,0) size 800x600
    RenderBlock {HTML} at (0,0) size 800x600
      RenderBody {BODY} at (8,8) size 784x584
        RenderBlock {HR} at (0,0) size 784x2 [border: (1px inset #000000)]
        RenderTable {TABLE} at (0,10) size 4x2
          RenderTableSection {TBODY} at (0,0) size 0x2
            RenderTableRow {TR} at (0,0) size 0x0
              RenderTableCell {TD} at (0,0) size 0x2 [r=-1 c=-1 rs=1947483647 cs=1]
  
  
  
  1.1                  LayoutTests/fast/table/giantRowspan.html
  
  Index: giantRowspan.html
  ===================================================================
  <table><hr><td rowspan=1947483647>
  
  
  1.286     +16 -0     WebCore/ChangeLog
  
  Index: ChangeLog
  ===================================================================
  RCS file: /cvs/root/WebCore/ChangeLog,v
  retrieving revision 1.285
  retrieving revision 1.286
  diff -u -r1.285 -r1.286
  --- ChangeLog	25 Oct 2005 21:14:25 -0000	1.285
  +++ ChangeLog	25 Oct 2005 22:26:26 -0000	1.286
  @@ -1,3 +1,19 @@
  +2005-10-25  Beth Dakin  <bdakin at apple.com>
  +
  +        Reviewed by Maciej
  +
  +	Fix for <rdar://problem/4148730> SureSec si#182 safari heap overflow.
  +	When a table has a really huge rowSpan, Safari used to crash because
  +	the malloc of the grid for the table failed. This fix just checks for
  +	the success of the malloc.
  +
  +        * khtml/rendering/render_table.cpp:
  +        (RenderTableSection::ensureRows): Return false if the grid resize is not 
  +	successful.
  +        (RenderTableSection::addCell): Return early if ensureRows() returned false.
  +        * khtml/rendering/render_table.h: Make ensureRows() return a bool instead
  +	of void.
  +
   2005-10-25  Adele Peterson  <adele at apple.com>
   
           Reviewed by Hyatt.
  
  
  
  1.136     +6 -3      WebCore/khtml/rendering/render_table.cpp
  
  Index: render_table.cpp
  ===================================================================
  RCS file: /cvs/root/WebCore/khtml/rendering/render_table.cpp,v
  retrieving revision 1.135
  retrieving revision 1.136
  diff -u -r1.135 -r1.136
  --- render_table.cpp	6 Oct 2005 00:53:59 -0000	1.135
  +++ render_table.cpp	25 Oct 2005 22:26:29 -0000	1.136
  @@ -902,12 +902,13 @@
       RenderContainer::addChild(child,beforeChild);
   }
   
  -void RenderTableSection::ensureRows(int numRows)
  +bool RenderTableSection::ensureRows(int numRows)
   {
       int nRows = gridRows;
       if (numRows > nRows) {
           if (numRows > static_cast<int>(grid.size()))
  -            grid.resize(numRows*2+1);
  +            if (!grid.resize(numRows*2+1))
  +                return false;
   
           gridRows = numRows;
           int nCols = table()->numEffCols();
  @@ -919,6 +920,7 @@
   	}
       }
   
  +    return true;
   }
   
   void RenderTableSection::addCell( RenderTableCell *cell )
  @@ -991,7 +993,8 @@
       }
   
       // make sure we have enough rows
  -    ensureRows( cRow + rSpan );
  +    if (!ensureRows( cRow + rSpan ))
  +        return;
   
       int col = cCol;
       // tell the cell where it is
  
  
  
  1.48      +1 -1      WebCore/khtml/rendering/render_table.h
  
  Index: render_table.h
  ===================================================================
  RCS file: /cvs/root/WebCore/khtml/rendering/render_table.h,v
  retrieving revision 1.47
  retrieving revision 1.48
  diff -u -r1.47 -r1.48
  --- render_table.h	6 Oct 2005 00:53:59 -0000	1.47
  +++ render_table.h	25 Oct 2005 22:26:30 -0000	1.48
  @@ -267,7 +267,7 @@
   
       void recalcCells();
   protected:
  -    void ensureRows( int numRows );
  +    bool ensureRows(int numRows);
       void clearGrid();
   };