[webkit-changes] [WebKit/WebKit] e357a6: Web content process crashes when mutating grid-tem...
Arunsundar Kannan
noreply at github.com
Mon May 22 12:40:16 PDT 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: e357a6a2cd384f7aa70e6aa4f2e552829e971b3c
https://github.com/WebKit/WebKit/commit/e357a6a2cd384f7aa70e6aa4f2e552829e971b3c
Author: Arunsundar Kannan <arunsundar_kannan at apple.com>
Date: 2023-05-22 (Mon, 22 May 2023)
Changed paths:
A LayoutTests/fast/css-grid-layout/GridtrackSizing-overflowon-mutating-grid-columns-expected.txt
A LayoutTests/fast/css-grid-layout/GridtrackSizing-overflowon-mutating-grid-columns.html
M Source/WebCore/rendering/RenderGrid.cpp
Log Message:
-----------
Web content process crashes when mutating grid-template-columns of subgrid parent grid.
https://bugs.webkit.org/show_bug.cgi?id=253916.
rdar://106458581.
Reviewed by Matt Woodrow.
After grid-template-column of the subgrid's parent grid mutates, needsItemsPlacement flag is not set for the subgrid's currentgrid. As a result, gridTracks for subgrids->curretGrid() don't undergo resizing, resulting in a OOB in copyUsedTrackSizesForSubgrid().This changes sets needsItemPlacement flag as needed.
* LayoutTests/fast/css-grid-layout/GridtrackSizing-overflowon-mutating-grid-columns-expected.txt: Added.
* LayoutTests/fast/css-grid-layout/GridtrackSizing-overflowon-mutating-grid-columns.html: Added.
* Source/WebCore/rendering/RenderGrid.cpp:
(WebCore::RenderGrid::placeItemsOnGrid):
Originally-landed-as: 259548.434 at safari-7615-branch (54a21b4db4fa). rdar://106458581
Canonical link: https://commits.webkit.org/264346@main
More information about the webkit-changes
mailing list