[webkit-changes] cvs commit: WebCore/khtml/rendering
render_table.cpp render_table.h
Timothy
thatcher at opensource.apple.com
Thu Jan 5 17:48:35 PST 2006
thatcher 06/01/05 17:48:34
Modified: . Tag: Safari-2-0-branch ChangeLog
khtml/rendering Tag: Safari-2-0-branch render_table.cpp
render_table.h
Log:
Merged fix from TOT to Safari-2-0-branch
2005-10-25 Beth Dakin <bdakin at apple.com>
Reviewed by Maciej
Fix for <rdar://problem/4148730> SureSec si#182 safari heap overflow.
When a table has a really huge rowSpan, Safari used to crash because
the malloc of the grid for the table failed. This fix just checks for
the success of the malloc.
* khtml/rendering/render_table.cpp:
(RenderTableSection::ensureRows): Return false if the grid resize is not
successful.
(RenderTableSection::addCell): Return early if ensureRows() returned false.
* khtml/rendering/render_table.h: Make ensureRows() return a bool instead
of void.
Revision Changes Path
No revision
No revision
1.16.2.9 +20 -0 WebCore/ChangeLog
Index: ChangeLog
===================================================================
RCS file: /cvs/root/WebCore/ChangeLog,v
retrieving revision 1.16.2.8
retrieving revision 1.16.2.9
diff -u -r1.16.2.8 -r1.16.2.9
--- ChangeLog 29 Dec 2005 21:59:00 -0000 1.16.2.8
+++ ChangeLog 6 Jan 2006 01:48:33 -0000 1.16.2.9
@@ -1,3 +1,23 @@
+2006-01-05 Adele Peterson <adele at apple.com>
+
+ Merged fix from TOT to Safari-2-0-branch
+
+ 2005-10-25 Beth Dakin <bdakin at apple.com>
+
+ Reviewed by Maciej
+
+ Fix for <rdar://problem/4148730> SureSec si#182 safari heap overflow.
+ When a table has a really huge rowSpan, Safari used to crash because
+ the malloc of the grid for the table failed. This fix just checks for
+ the success of the malloc.
+
+ * khtml/rendering/render_table.cpp:
+ (RenderTableSection::ensureRows): Return false if the grid resize is not
+ successful.
+ (RenderTableSection::addCell): Return early if ensureRows() returned false.
+ * khtml/rendering/render_table.h: Make ensureRows() return a bool instead
+ of void.
+
=== WebCore-417.18 ===
2005-12-23 Geoffrey Garen <ggaren at apple.com>
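Review bot: The new ChangeLog entry titles the bug a heap overflow, but the description covers only a failed malloc, and it records no regression test. The commit touches only ChangeLog, render_table.cpp and render_table.h, so a test with a very large rowSpan would be worth adding and listing here. A sentence on how the failed allocation relates to the reported overflow would also help.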
No revision
No revision
1.123.8.6 +6 -3 WebCore/khtml/rendering/render_table.cpp
Index: render_table.cpp
===================================================================
RCS file: /cvs/root/WebCore/khtml/rendering/render_table.cpp,v
retrieving revision 1.123.8.5
retrieving revision 1.123.8.6
diff -u -r1.123.8.5 -r1.123.8.6
--- render_table.cpp 4 Dec 2005 21:01:20 -0000 1.123.8.5
+++ render_table.cpp 6 Jan 2006 01:48:34 -0000 1.123.8.6
@@ -896,12 +896,13 @@
RenderContainer::addChild(child,beforeChild);
}
-void RenderTableSection::ensureRows(int numRows)
+bool RenderTableSection::ensureRows(int numRows)
{
int nRows = gridRows;
if (numRows > nRows) {
if (numRows > static_cast<int>(grid.size()))
- grid.resize(numRows*2+1);
+ if (!grid.resize(numRows*2+1))
+ return false;
gridRows = numRows;
int nCols = table()->numEffCols();
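Review bot: The size expression in the new `if (!grid.resize(numRows*2+1))` is still computed in `int`, so for the very large rowSpan values this fix targets, the multiplication can overflow before `resize` is called, and the return-value check is then applied to a size that is no longer the intended one. Consider rejecting `numRows` above an explicit upper bound at the top of `ensureRows` and returning false there, so the failure path does not depend on the allocator refusing the request. The outer `if (numRows > static_cast<int>(grid.size()))` now guards a nested `if` with its own `return`, and braces around its body would make the control flow harder to misread.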
@@ -916,6 +917,7 @@
}
}
+ return true;
}
void RenderTableSection::addCell( RenderTableCell *cell )
@@ -966,7 +968,8 @@
}
// make sure we have enough rows
- ensureRows( cRow + rSpan );
+ if (!ensureRows( cRow + rSpan ))
+ return;
int col = cCol;
// tell the cell where it is
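Review bot: The early `return` after `if (!ensureRows( cRow + rSpan ))` makes `addCell` silently skip everything below it, including the "tell the cell where it is" step. Because `addCell` returns void, the caller cannot tell that the cell was never placed in the grid. It is worth confirming that later layout code copes with a cell that has no assigned position, or clamping `rSpan` to a maximum before this call so the cell is still added with a reduced span. The sum `cRow + rSpan` is also formed from a page-supplied rowSpan before being passed as `int numRows`, so a bound check ahead of the addition would be more robust than relying on the allocation failing.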
1.45.8.2 +1 -1 WebCore/khtml/rendering/render_table.h
Index: render_table.h
===================================================================
RCS file: /cvs/root/WebCore/khtml/rendering/render_table.h,v
retrieving revision 1.45.8.1
retrieving revision 1.45.8.2
diff -u -r1.45.8.1 -r1.45.8.2
--- render_table.h 17 Nov 2005 22:24:48 -0000 1.45.8.1
+++ render_table.h 6 Jan 2006 01:48:34 -0000 1.45.8.2
@@ -271,7 +271,7 @@
void recalcCells();
protected:
- void ensureRows( int numRows );
+ bool ensureRows(int numRows);
void clearGrid();
};
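Review bot: The changed declaration `bool ensureRows(int numRows);` carries no comment saying what a false return means. A one-line comment stating that false indicates the grid could not be resized, and that the caller must not touch the requested rows in that case, would help here, since the member is under `protected:` and a subclass or future caller can ignore the result without any warning.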