[Webkit-unassigned] [Bug 254750] New: Return value of LineBoxBuilder::lineContent is not a reference

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Mar 30 10:20:57 PDT 2023 

https://bugs.webkit.org/show_bug.cgi?id=254750

            Bug ID: 254750
           Summary: Return value of LineBoxBuilder::lineContent is not a
                    reference
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Layout and Rendering
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mcatanzaro at gnome.org
                CC: bfulgham at webkit.org, simon.fraser at apple.com,
                    zalan at apple.com

The return value of LineBoxBuilder::lineContent looks probably incorrect:

const LineBuilder::LineContent lineContent() const { return m_lineContent; }

If it was intended to return a copy, then it would surely return a non-const LineBuilder::LineContent, so I think this should probably be changed to:

const LineBuilder::LineContent& lineContent() const { return m_lineContent; }

But I have not checked to see if this change would be safe. I noticed due to this false-positive GCC 13 warning:

In file included from /home/mcatanzaro/Projects/WebKit/WebKitBuild/gtk4/WebCore/DerivedSources/unified-sources/UnifiedSource-207b877e-5.cpp:2:
/home/mcatanzaro/Projects/WebKit/Source/WebCore/layout/formattingContexts/inline/InlineLineBoxBuilder.cpp: In member function ‘void WebCore::Layout::LineBoxBuilder::adjustOutsideListMarkersPosition(WebCore::Layout::LineBox&)’:
/home/mcatanzaro/Projects/WebKit/Source/WebCore/layout/formattingContexts/inline/InlineLineBoxBuilder.cpp:714:15: error: possibly dangling reference to a temporary [-Werror=dangling-reference]
  714 |         auto& listMarkerRun = lineContent().runs[listMarkerBoxIndex];
      |               ^~~~~~~~~~~~~
/home/mcatanzaro/Projects/WebKit/Source/WebCore/layout/formattingContexts/inline/InlineLineBoxBuilder.cpp:714:68: note: the temporary was destroyed at the end of the full expression ‘(& WebCore::Layout::LineBoxBuilder::lineContent() const().WebCore::Layout::LineBuilder::LineContent::runs)->WTF::Vector<WebCore::Layout::Line::Run, 10>::operator[](listMarkerBoxIndex)’
  714 |         auto& listMarkerRun = lineContent().runs[listMarkerBoxIndex];
      |                                                                    ^

It looks bad, but I don't think it's a real problem because although lineContent() is itself invalid after this statement, lineContent().runs[listMarkerBoxIndex] should still be valid.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20230330/aa50e4fe/attachment.htm>

More information about the webkit-unassigned mailing list