Title: [198506] trunk
- Revision
- 198506
- Author
- za...@apple.com
- Date
- 2016-03-21 16:29:58 -0700 (Mon, 21 Mar 2016)
Log Message
WebCore::RenderTableCell::setCol should put a cap on the column value.
https://bugs.webkit.org/show_bug.cgi?id=155642
<rdar://problem/15895201>
Reviewed by Simon Fraser.
This patch ensures that we don't crash when the column number is large enough.
see webkit.org/b/71135 for more information.
Source/WebCore:
Test: tables/colspan-with-large-value-crash.html
* rendering/RenderTableCell.h:
(WebCore::RenderTableCell::setCol):
LayoutTests:
* tables/colspan-with-large-value-crash-expected.txt: Added.
* tables/colspan-with-large-value-crash.html: Added.
Modified Paths
Added Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (198505 => 198506)
--- trunk/LayoutTests/ChangeLog 2016-03-21 23:05:18 UTC (rev 198505)
+++ trunk/LayoutTests/ChangeLog 2016-03-21 23:29:58 UTC (rev 198506)
@@ -1,3 +1,17 @@
+2016-03-21 Zalan Bujtas <za...@apple.com>
+
+ WebCore::RenderTableCell::setCol should put a cap on the column value.
+ https://bugs.webkit.org/show_bug.cgi?id=155642
+ <rdar://problem/15895201>
+
+ Reviewed by Simon Fraser.
+
+ This patch ensures that we don't crash when the column number is large enough.
+ see webkit.org/b/71135 for more information.
+
+ * tables/colspan-with-large-value-crash-expected.txt: Added.
+ * tables/colspan-with-large-value-crash.html: Added.
+
2016-03-21 Brady Eidson <beid...@apple.com>
storage/indexeddb/deletedatabase-delayed-by-open-and-versionchange.html flaky on mac-wk2.
Added: trunk/LayoutTests/tables/colspan-with-large-value-crash-expected.txt (0 => 198506)
--- trunk/LayoutTests/tables/colspan-with-large-value-crash-expected.txt (rev 0)
+++ trunk/LayoutTests/tables/colspan-with-large-value-crash-expected.txt 2016-03-21 23:29:58 UTC (rev 198506)
@@ -0,0 +1,2 @@
+PASS if no crash.
+
Added: trunk/LayoutTests/tables/colspan-with-large-value-crash.html (0 => 198506)
--- trunk/LayoutTests/tables/colspan-with-large-value-crash.html (rev 0)
+++ trunk/LayoutTests/tables/colspan-with-large-value-crash.html 2016-03-21 23:29:58 UTC (rev 198506)
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>This tests that we do not crash when colspan value is large.</title>
+</head>
+<body>
+PASS if no crash.
+<table>
+ <td colspan="53927142"></td>
+ <th>
+ <td></td>
+ </th>
+</table>
+<script>
+ if (window.testRunner)
+ testRunner.dumpAsText();
+</script>
+</body>
+</html>
Modified: trunk/Source/WebCore/ChangeLog (198505 => 198506)
--- trunk/Source/WebCore/ChangeLog 2016-03-21 23:05:18 UTC (rev 198505)
+++ trunk/Source/WebCore/ChangeLog 2016-03-21 23:29:58 UTC (rev 198506)
@@ -1,3 +1,19 @@
+2016-03-21 Zalan Bujtas <za...@apple.com>
+
+ WebCore::RenderTableCell::setCol should put a cap on the column value.
+ https://bugs.webkit.org/show_bug.cgi?id=155642
+ <rdar://problem/15895201>
+
+ Reviewed by Simon Fraser.
+
+ This patch ensures that we don't crash when the column number is large enough.
+ see webkit.org/b/71135 for more information.
+
+ Test: tables/colspan-with-large-value-crash.html
+
+ * rendering/RenderTableCell.h:
+ (WebCore::RenderTableCell::setCol):
+
2016-03-21 Simon Fraser <simon.fra...@apple.com>
[iOS WK2] Use larger tiles when possible to reduce per-tile painting overhead
Modified: trunk/Source/WebCore/rendering/RenderTableCell.h (198505 => 198506)
--- trunk/Source/WebCore/rendering/RenderTableCell.h 2016-03-21 23:05:18 UTC (rev 198505)
+++ trunk/Source/WebCore/rendering/RenderTableCell.h 2016-03-21 23:29:58 UTC (rev 198506)
@@ -237,7 +237,7 @@
inline void RenderTableCell::setCol(unsigned column)
{
if (UNLIKELY(column > maxColumnIndex))
- CRASH();
+ column = maxColumnIndex;
m_column = column;
}
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes