[Webkit-unassigned] [Bug 256165] New: UBSan: RenderObjects sets height to number that doesn't fit in an integer

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon May 1 08:57:40 PDT 2023 

https://bugs.webkit.org/show_bug.cgi?id=256165

            Bug ID: 256165
           Summary: UBSan: RenderObjects sets height to number that
                    doesn't fit in an integer
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: doremylover123 at gmail.com

If geometries has size 0 or whenever working on the first geometry, the height can be set to INT_MAX - INT_MIN, which cannot fit in a signed integer. We need to avoid this by specializing those cases.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20230501/d75e6fd6/attachment.htm>

More information about the webkit-unassigned mailing list