[Webkit-unassigned] [Bug 218093] [css-logical] Implement logical border-radius
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Jan 11 11:14:02 PST 2021
https://bugs.webkit.org/show_bug.cgi?id=218093
--- Comment #47 from Oriol Brufau <obrufau at igalia.com> ---
Comment on attachment 417266
--> https://bugs.webkit.org/attachment.cgi?id=417266
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=417266&action=review
>> Source/WebCore/css/CSSProperty.cpp:63
>> +}
>
> This code is unsafe. If it's called with some random StylePropertyShorthand (not border-radius) then it can run off the end of the properties() array.
>
> Since you only call this for borderRadiusShorthand(), make it explicitly about border-radius.
Good point, though the existing resolveToPhysicalProperty are also affected, aren't they?
Maybe check the length() of the shorthand in a release assert for the functions that take a shorthand,
and for the third function replace the `const CSSPropertyID* properties` parameter with `const CSSPropertyID (&properties)[2]`?
That's basically what Chromium does.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20210111/db88cfbd/attachment.htm>
More information about the webkit-unassigned
mailing list