[webkit-changes] [WebKit/WebKit] 42bd7f: Nullptr crash in Layout::InlineItemsBuilder::colle...
Antti Koivisto
noreply at github.com
Thu Jun 29 07:15:23 PDT 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 42bd7f4d00792d04c77557feed044658f516b149
https://github.com/WebKit/WebKit/commit/42bd7f4d00792d04c77557feed044658f516b149
Author: Antti Koivisto <antti at apple.com>
Date: 2023-06-29 (Thu, 29 Jun 2023)
Changed paths:
M Source/WTF/wtf/CheckedRef.h
M Source/WebCore/layout/formattingContexts/inline/InlineItemsBuilder.cpp
Log Message:
-----------
Nullptr crash in Layout::InlineItemsBuilder::collectInlineItems
https://bugs.webkit.org/show_bug.cgi?id=258664
rdar://111272076
Reviewed by Alan Baradlay.
Looks like a null item in LayoutQueue.
* Source/WTF/wtf/CheckedRef.h:
(WTF::downcast):
Add CheckedRef<const Foo> version of downcast<>.
* Source/WebCore/layout/formattingContexts/inline/InlineItemsBuilder.cpp:
(WebCore::Layout::traverseUntilDamaged):
Make LayoutQueue use CheckedRef.
(WebCore::Layout::initializeLayoutQueue):
Test for null formattingContextRoot.firstChild() first so we don't add a nullptr to LayoutQueue.
(WebCore::Layout::InlineItemsBuilder::collectInlineItems):
Canonical link: https://commits.webkit.org/265618@main