[webkit-changes] [WebKit/WebKit] 32dd4c: REGRESSION(288455 at main): Crash in WebCore::ImageBa...
Michael Catanzaro
noreply at github.com
Wed Feb 19 08:06:46 PST 2025
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 32dd4c71d022ac4461a37ac5cc039c68f485006d
https://github.com/WebKit/WebKit/commit/32dd4c71d022ac4461a37ac5cc039c68f485006d
Author: Michael Catanzaro <mcatanzaro at redhat.com>
Date: 2025-02-19 (Wed, 19 Feb 2025)
Changed paths:
M Source/WebCore/platform/graphics/ImageBackingStore.h
Log Message:
-----------
REGRESSION(288455 at main): Crash in WebCore::ImageBackingStore::clearRect when opening emoji chooser on Slack
https://bugs.webkit.org/show_bug.cgi?id=286477
Reviewed by Chris Dumez.
The original code here would skip past the bounds of the array on the
final loop iteration, which was previously fine because we did not
actually dereference the array out of bounds. Now that we have switched
to span, it's no longer fine: creating a subspan out of bounds triggers
an assertion failure when built with stdlib assertions enabled.
* Source/WebCore/platform/graphics/ImageBackingStore.h:
(WebCore::ImageBackingStore::clearRect):
(WebCore::ImageBackingStore::fillRect):
(WebCore::ImageBackingStore::repeatFirstRow):
Canonical link: https://commits.webkit.org/290611@main
To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications
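The failure mode the log message describes, as an added example that is not WebKit's code: a row loop that steps a running span one full row forward after every row, the last included, next to a shape that never forms a span after the final row. `CheckedSpan`, both function names and the 4x3 buffer are hypothetical; the stdlib assertion is modelled as a counter so the violation can be observed without aborting.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Constructed model of a span built with stdlib assertions enabled: an
// out-of-range subspan()/first() is counted here instead of aborting.
static int g_violations = 0;

struct CheckedSpan {
    uint32_t* data;
    size_t size;
    CheckedSpan subspan(size_t offset) const {
        if (offset > size) { ++g_violations; offset = size; }
        return {data + offset, size - offset};
    }
    CheckedSpan first(size_t count) const {
        if (count > size) { ++g_violations; count = size; }
        return {data, count};
    }
};

static void zero(CheckedSpan s) { for (size_t i = 0; i < s.size; ++i) s.data[i] = 0; }

// Running-span shape: step one full row forward after every row, the last included.
int clearRectAdvancing(std::vector<uint32_t>& px, size_t width, size_t x, size_t y, size_t w, size_t h) {
    g_violations = 0;
    CheckedSpan row = CheckedSpan{px.data(), px.size()}.subspan(y * width + x);
    for (size_t i = 0; i < h; ++i) {
        zero(row.first(w));
        row = row.subspan(width); // after the final row this may start past the end
    }
    return g_violations;
}

// Indexed shape: each row span is derived from the full buffer; none is formed after the last row.
int clearRectIndexed(std::vector<uint32_t>& px, size_t width, size_t x, size_t y, size_t w, size_t h) {
    g_violations = 0;
    CheckedSpan all{px.data(), px.size()};
    for (size_t i = 0; i < h; ++i)
        zero(all.subspan((y + i) * width + x).first(w));
    return g_violations;
}

int main() {
    std::vector<uint32_t> a(12, 0xFFFFFFFFu), b(12, 0xFFFFFFFFu); // constructed 4x3 buffer
    std::printf("advancing: %d violation(s)\n", clearRectAdvancing(a, 4, 1, 1, 2, 2));
    std::printf("indexed:   %d violation(s)\n", clearRectIndexed(b, 4, 1, 1, 2, 2));
    return 0;
}
```

Both functions clear the same pixels; the running-span shape only trips the check when the rectangle reaches the last row and starts at a non-zero column, which is why such a bug can sit unnoticed until bounds checks are turned on.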