[Webkit-unassigned] [Bug 151524] New: [GTK] Off-by-one error in getStyleContext()

bugzilla-daemon at webkit.org
Fri Nov 20 15:56:52 PST 2015


https://bugs.webkit.org/show_bug.cgi?id=151524

            Bug ID: 151524
           Summary: [GTK] Off-by-one error in getStyleContext()
    Classification: Unclassified
           Product: WebKit
           Version: Other
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit Gtk
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mcatanzaro at igalia.com
                CC: bugs-noreply at webkitgtk.org

In getStyleContext() in RenderThemeGtk.cpp:

GtkWidgetPath* path = gtk_widget_path_new();
gtk_widget_path_append_type(path, widgetType);
// ...
gtk_widget_path_iter_add_class(path, 0, GTK_STYLE_CLASS_BUTTON);
gtk_widget_path_iter_add_class(path, 1, "text-button");

Only one widget type was appended to the widget path, so the maximum valid index is 0. This code means to add both style classes to the first widget type in the widget path.

This caused no bug in practice, because when the index is invalid, gtk_widget_path_iter_add_class() automatically changes the index to the last valid position in the widget path -- in this case, 0.

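The masking effect described in the report, as an added example that is not part of the original bug report and is not WebKit or GTK code: a small C model in which `path_model`, `path_append`, `add_class_clamped` and `add_class_strict` are hypothetical names. The clamped variant follows the behaviour the report describes; the strict variant is an assumption showing how rejecting the index would surface the off-by-one.

```c
#include <stdio.h>

#define MAX_ELEMS 4
#define MAX_CLASSES 4

/* Hypothetical stand-in for a widget path: one class list per element. */
struct path_model {
    int len;                       /* number of appended widget types */
    int nclasses[MAX_ELEMS];
    const char *classes[MAX_ELEMS][MAX_CLASSES];
};

static void path_append(struct path_model *p) {
    if (p->len < MAX_ELEMS)
        p->nclasses[p->len++] = 0;
}

/* Lenient variant: an out-of-range index is silently moved to the last
 * valid element, as the report describes. Returns the index actually
 * used, or -1 if nothing could be stored. */
static int add_class_clamped(struct path_model *p, int pos, const char *name) {
    if (p->len == 0)
        return -1;
    if (pos < 0 || pos >= p->len)
        pos = p->len - 1;
    if (p->nclasses[pos] >= MAX_CLASSES)
        return -1;
    p->classes[pos][p->nclasses[pos]++] = name;
    return pos;
}

/* Strict variant (assumption): reject an invalid index so the caller's
 * off-by-one is reported instead of being absorbed. */
static int add_class_strict(struct path_model *p, int pos, const char *name) {
    if (pos < 0 || pos >= p->len)
        return -1;
    return add_class_clamped(p, pos, name);
}

int main(void) {
    struct path_model a = {0}, b = {0};
    path_append(&a);               /* one widget type: only index 0 is valid */
    path_append(&b);
    add_class_clamped(&a, 0, "button");
    add_class_strict(&b, 0, "button");
    printf("clamped: index 1 stored at %d\n", add_class_clamped(&a, 1, "text-button"));
    printf("strict:  index 1 returned %d\n", add_class_strict(&b, 1, "text-button"));
    return 0;
}
```

With the clamped variant both classes end up on element 0, so the wrong index has no visible effect; the same call sequence would attach "text-button" to a different element as soon as a second widget type is appended to the path.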