[webkit-changes] cvs commit: WebCore/khtml/rendering render_table.cpp render_table.h
Timothy
thatcher at opensource.apple.com
Thu Jan 5 17:34:01 PST 2006
thatcher 06/01/05 17:34:01
Modified: . Tag: Safari-1-3-branch ChangeLog
khtml/rendering Tag: Safari-1-3-branch render_table.cpp
render_table.h
Log:
Merged fix from TOT to Safari-1-3-branch
2005-10-25 Beth Dakin <bdakin at apple.com>
Reviewed by Maciej
Fix for <rdar://problem/4148730> SureSec si#182 safari heap overflow.
When a table has a really huge rowSpan, Safari used to crash because
the malloc of the grid for the table failed. This fix just checks for
the success of the malloc.
* khtml/rendering/render_table.cpp:
(RenderTableSection::ensureRows): Return false if the grid resize is not
successful.
(RenderTableSection::addCell): Return early if ensureRows() returned false.
* khtml/rendering/render_table.h: Make ensureRows() return a bool instead
of void.
Revision Changes Path
No revision
No revision
1.18.2.7 +20 -0 WebCore/ChangeLog
Index: ChangeLog
===================================================================
RCS file: /cvs/root/WebCore/ChangeLog,v
retrieving revision 1.18.2.6
retrieving revision 1.18.2.7
diff -u -r1.18.2.6 -r1.18.2.7
--- ChangeLog 5 Jan 2006 01:13:05 -0000 1.18.2.6
+++ ChangeLog 6 Jan 2006 01:33:56 -0000 1.18.2.7
@@ -1,3 +1,23 @@
+2006-01-05 Timothy Hatcher <timothy at apple.com>
+
+ Merged fix from TOT to Safari-1-3-branch
+
+ 2005-10-25 Beth Dakin <bdakin at apple.com>
+
+ Reviewed by Maciej
+
+ Fix for <rdar://problem/4148730> SureSec si#182 safari heap overflow.
+ When a table has a really huge rowSpan, Safari used to crash because
+ the malloc of the grid for the table failed. This fix just checks for
+ the success of the malloc.
+
+ * khtml/rendering/render_table.cpp:
+ (RenderTableSection::ensureRows): Return false if the grid resize is not
+ successful.
+ (RenderTableSection::addCell): Return early if ensureRows() returned false.
+ * khtml/rendering/render_table.h: Make ensureRows() return a bool instead
+ of void.
+
=== WebCore-315.14 ===
2005-12-22 Vicki Murley <vicki at apple.com>
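Review bot: the title line of the new entry calls this a heap overflow, but the body describes a crash from a failed malloc and a fix that only checks the allocation result. The entry should say which of the two the change addresses. It also lists no test case for the huge-rowSpan table; naming one, or saying why none is practical, would make the merge easier to verify on the branch.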
No revision
No revision
1.123.6.5 +6 -3 WebCore/khtml/rendering/render_table.cpp
Index: render_table.cpp
===================================================================
RCS file: /cvs/root/WebCore/khtml/rendering/render_table.cpp,v
retrieving revision 1.123.6.4
retrieving revision 1.123.6.5
diff -u -r1.123.6.4 -r1.123.6.5
--- render_table.cpp 22 Dec 2005 19:59:46 -0000 1.123.6.4
+++ render_table.cpp 6 Jan 2006 01:33:58 -0000 1.123.6.5
@@ -891,12 +891,13 @@
RenderContainer::addChild(child,beforeChild);
}
-void RenderTableSection::ensureRows(int numRows)
+bool RenderTableSection::ensureRows(int numRows)
{
int nRows = gridRows;
if (numRows > nRows) {
if (numRows > static_cast<int>(grid.size()))
- grid.resize(numRows*2+1);
+ if (!grid.resize(numRows*2+1))
+ return false;
gridRows = numRows;
int nCols = table()->numEffCols();
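Review bot: in ensureRows, `numRows*2+1` is evaluated in int before grid.resize() sees it, so for the very large rowSpan values this fix targets the multiplication can overflow, and the new check on resize()'s return value does not cover that case. Reject numRows above (INT_MAX - 1) / 2, or above a much lower sane row limit, and return false before multiplying. As a style point, the outer `if (numRows > static_cast<int>(grid.size()))` now guards a two-line nested if and should get braces.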
@@ -911,6 +912,7 @@
}
}
+ return true;
}
void RenderTableSection::addCell( RenderTableCell *cell )
@@ -961,7 +963,8 @@
}
// make sure we have enough rows
- ensureRows( cRow + rSpan );
+ if (!ensureRows( cRow + rSpan ))
+ return;
int col = cCol;
// tell the cell where it is
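Review bot: the early return in addCell drops the cell silently. addCell is void, so the caller cannot tell that the cell was never placed, and the code under "tell the cell where it is" is skipped. Add a comment stating what state the cell is left in, and confirm that code which later walks the grid tolerates a cell with no grid position. The sum `cRow + rSpan` is also passed to an int parameter, so it needs a range check of its own before the call.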
1.45.6.2 +1 -1 WebCore/khtml/rendering/render_table.h
Index: render_table.h
===================================================================
RCS file: /cvs/root/WebCore/khtml/rendering/render_table.h,v
retrieving revision 1.45.6.1
retrieving revision 1.45.6.2
diff -u -r1.45.6.1 -r1.45.6.2
--- render_table.h 17 Nov 2005 22:36:38 -0000 1.45.6.1
+++ render_table.h 6 Jan 2006 01:33:59 -0000 1.45.6.2
@@ -271,7 +271,7 @@
void recalcCells();
protected:
- void ensureRows( int numRows );
+ bool ensureRows(int numRows);
void clearGrid();
};
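Review bot: the ensureRows declaration now returns bool but has no comment saying what false means. A one-line comment that false indicates the grid could not be grown, and that callers must stop using the grid rows in that case, would keep future callers from ignoring the result. The new line also switches to `(int numRows)` spacing while the removed line and the call site `ensureRows( cRow + rSpan )` use padded parentheses; keep one style.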