Title: [236133] releases/WebKitGTK/webkit-2.22
- Revision
- 236133
- Author
- carlo...@webkit.org
- Date
- 2018-09-18 08:39:47 -0700 (Tue, 18 Sep 2018)
Log Message
Merge r235590 - REGRESSION (r191336): RenderFlexibleBox::adjustChildSizeForMinAndMax crashes in std::optional<>::value()
https://bugs.webkit.org/show_bug.cgi?id=189232
<rdar://problem/43886373>
Reviewed by Brent Fulgham.
Source/WebCore:
It's not guaranteed that RenderFlexibleBox::computeMainAxisExtentForChild() always returns with a valid value.
Test: fast/flexbox/crash-when-min-max-content-is-not-computed.html
* rendering/RenderFlexibleBox.cpp:
(WebCore::RenderFlexibleBox::adjustChildSizeForMinAndMax):
LayoutTests:
* fast/flexbox/crash-when-min-max-content-is-not-computed-expected.txt: Added.
* fast/flexbox/crash-when-min-max-content-is-not-computed.html: Added.
Modified Paths
Added Paths
Diff
Modified: releases/WebKitGTK/webkit-2.22/LayoutTests/ChangeLog (236132 => 236133)
--- releases/WebKitGTK/webkit-2.22/LayoutTests/ChangeLog 2018-09-18 15:39:41 UTC (rev 236132)
+++ releases/WebKitGTK/webkit-2.22/LayoutTests/ChangeLog 2018-09-18 15:39:47 UTC (rev 236133)
@@ -1,3 +1,14 @@
+2018-09-02 Zalan Bujtas <za...@apple.com>
+
+ REGRESSION (r191336): RenderFlexibleBox::adjustChildSizeForMinAndMax crashes in std::optional<>::value()
+ https://bugs.webkit.org/show_bug.cgi?id=189232
+ <rdar://problem/43886373>
+
+ Reviewed by Brent Fulgham.
+
+ * fast/flexbox/crash-when-min-max-content-is-not-computed-expected.txt: Added.
+ * fast/flexbox/crash-when-min-max-content-is-not-computed.html: Added.
+
2018-08-31 John Wilander <wilan...@apple.com>
Storage Access API: Maintain access through same-site navigations
Added: releases/WebKitGTK/webkit-2.22/LayoutTests/fast/flexbox/crash-when-min-max-content-is-not-computed-expected.txt (0 => 236133)
--- releases/WebKitGTK/webkit-2.22/LayoutTests/fast/flexbox/crash-when-min-max-content-is-not-computed-expected.txt (rev 0)
+++ releases/WebKitGTK/webkit-2.22/LayoutTests/fast/flexbox/crash-when-min-max-content-is-not-computed-expected.txt 2018-09-18 15:39:47 UTC (rev 236133)
@@ -0,0 +1,2 @@
+PASS if no crash.
+
Added: releases/WebKitGTK/webkit-2.22/LayoutTests/fast/flexbox/crash-when-min-max-content-is-not-computed.html (0 => 236133)
--- releases/WebKitGTK/webkit-2.22/LayoutTests/fast/flexbox/crash-when-min-max-content-is-not-computed.html (rev 0)
+++ releases/WebKitGTK/webkit-2.22/LayoutTests/fast/flexbox/crash-when-min-max-content-is-not-computed.html 2018-09-18 15:39:47 UTC (rev 236133)
@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<html>
+<head>
+<style>
+.outer {
+ display: flex;
+ flex-direction: column;
+}
+
+.inner{
+ display: grid;
+ height: 100px;
+}
+</style>
+</head>
+PASS if no crash.
+<div class=outer><div class=inner></div></div>
+<script>
+if (window.testRunner)
+ testRunner.dumpAsText();
+</script>
+</html>
\ No newline at end of file
Modified: releases/WebKitGTK/webkit-2.22/Source/WebCore/ChangeLog (236132 => 236133)
--- releases/WebKitGTK/webkit-2.22/Source/WebCore/ChangeLog 2018-09-18 15:39:41 UTC (rev 236132)
+++ releases/WebKitGTK/webkit-2.22/Source/WebCore/ChangeLog 2018-09-18 15:39:47 UTC (rev 236133)
@@ -1,3 +1,18 @@
+2018-09-02 Zalan Bujtas <za...@apple.com>
+
+ REGRESSION (r191336): RenderFlexibleBox::adjustChildSizeForMinAndMax crashes in std::optional<>::value()
+ https://bugs.webkit.org/show_bug.cgi?id=189232
+ <rdar://problem/43886373>
+
+ Reviewed by Brent Fulgham.
+
+ It's not guaranteed that RenderFlexibleBox::computeMainAxisExtentForChild() always returns with a valid value.
+
+ Test: fast/flexbox/crash-when-min-max-content-is-not-computed.html
+
+ * rendering/RenderFlexibleBox.cpp:
+ (WebCore::RenderFlexibleBox::adjustChildSizeForMinAndMax):
+
2018-08-31 Jer Noble <jer.no...@apple.com>
Compilation error in FormData.cpp: incomplete type 'WebCore::SharedBuffer'
Modified: releases/WebKitGTK/webkit-2.22/Source/WebCore/rendering/RenderFlexibleBox.cpp (236132 => 236133)
--- releases/WebKitGTK/webkit-2.22/Source/WebCore/rendering/RenderFlexibleBox.cpp 2018-09-18 15:39:41 UTC (rev 236132)
+++ releases/WebKitGTK/webkit-2.22/Source/WebCore/rendering/RenderFlexibleBox.cpp 2018-09-18 15:39:47 UTC (rev 236133)
@@ -1087,7 +1087,9 @@
// https://drafts.csswg.org/css-flexbox/#intrinsic-sizes before that
// produces reasonable results. Tracking bug: https://crbug.com/581553
// css-flexbox section 4.5
- LayoutUnit contentSize = computeMainAxisExtentForChild(child, MinSize, Length(MinContent)).value();
+ // FIXME: If the min value is expected to be valid here, we need to come up with a non optional version of computeMainAxisExtentForChild and
+ // ensure it's valid through the virtual calls of computeIntrinsicLogicalContentHeightUsing.
+ LayoutUnit contentSize = computeMainAxisExtentForChild(child, MinSize, Length(MinContent)).value_or(0);
ASSERT(contentSize >= 0);
if (child.hasAspectRatio() && child.intrinsicSize().height() > 0)
contentSize = adjustChildSizeForAspectRatioCrossAxisMinAndMax(child, contentSize);
@@ -1095,7 +1097,7 @@
Length mainSize = isHorizontalFlow() ? child.style().width() : child.style().height();
if (mainAxisLengthIsDefinite(child, mainSize)) {
- LayoutUnit resolvedMainSize = computeMainAxisExtentForChild(child, MainOrPreferredSize, mainSize).value();
+ LayoutUnit resolvedMainSize = computeMainAxisExtentForChild(child, MainOrPreferredSize, mainSize).value_or(0);
ASSERT(resolvedMainSize >= 0);
LayoutUnit specifiedSize = std::min(resolvedMainSize, maxExtent.value_or(resolvedMainSize));
return std::max(childSize, std::min(specifiedSize, contentSize));
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
