[webkit-changes] [WebKit/WebKit] 8b62fd: [@property] Nullptr crash with calc()
Antti Koivisto
noreply at github.com
Thu Apr 27 06:29:00 PDT 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 8b62fda7097bfee9488a412c9d1f52a0393887c3
https://github.com/WebKit/WebKit/commit/8b62fda7097bfee9488a412c9d1f52a0393887c3
Author: Antti Koivisto <antti at apple.com>
Date: 2023-04-27 (Thu, 27 Apr 2023)
Changed paths:
A LayoutTests/fast/css/custom-properties/at-property-calc-crash-expected.txt
A LayoutTests/fast/css/custom-properties/at-property-calc-crash.html
M Source/WebCore/css/CSSCustomPropertyValue.cpp
M Source/WebCore/css/calc/CSSCalcValue.cpp
Log Message:
-----------
[@property] Nullptr crash with calc()
https://bugs.webkit.org/show_bug.cgi?id=256032
rdar://105491386
Reviewed by Alan Baradlay.
* LayoutTests/fast/css/custom-properties/at-property-calc-crash.html: Added.
* LayoutTests/fast/css/custom-properties/at-property-calc-crash-expected.txt: Added.
* Source/WebCore/css/CSSCustomPropertyValue.cpp:
(WebCore::CSSCustomPropertyValue::customCSSText const):
Ensure that we don't crash even if the calc expression building returns null.
* Source/WebCore/css/calc/CSSCalcValue.cpp:
(WebCore::createCSS):
Limit zero-length elimination when constructing CSSCalcExpressionNodes from CalcExpressionNodes to sum and subtract expressions.
With other expression types eliminating zeroes can lead to miscomputing the expression unit category and
the building code returning null.
Canonical link: https://commits.webkit.org/263453@main