[webkit-reviews] review denied: [Bug 234018] nullptr deref in ComputeFloatOffsetForLineLayoutAdapter<FloatingObject::FloatLeft>::updateOffsetIfNeeded : [Attachment 446840] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Dec 10 16:36:34 PST 2021
Darin Adler <darin at apple.com> has denied Gabriel Nava Marino
<gnavamarino at apple.com>'s request for review:
Bug 234018: nullptr deref in
ComputeFloatOffsetForLineLayoutAdapter<FloatingObject::FloatLeft>::updateOffset
IfNeeded
https://bugs.webkit.org/show_bug.cgi?id=234018
Attachment 446840: Patch
https://bugs.webkit.org/attachment.cgi?id=446840&action=review
--- Comment #11 from Darin Adler <darin at apple.com> ---
Comment on attachment 446840
--> https://bugs.webkit.org/attachment.cgi?id=446840
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=446840&action=review
> Source/WebCore/rendering/RenderBlockFlow.cpp:2121
> + return blockFlow.subtreeContainsFloat(renderer);
This is wrong. Should be:
if (blockFlow.subtreeContainsFloat(renderer))
return true;
One other thought: we could probably do a version of this algorithm that walks
the tree without using recursion.
> Source/WebCore/rendering/RenderBlockFlow.cpp:2136
> + return blockFlow.subtreeContainsFloats();
Ditto.
More information about the webkit-reviews
mailing list