Skip to site navigation (Press enter)

[webkit-changes] [261208] trunk/Source/WebCore

commit-queue Tue, 05 May 2020 18:42:37 -0700

Title: [261208] trunk/Source/WebCore

Revision: 261208
Author: commit-qu...@webkit.org
Date: 2020-05-05 18:40:57 -0700 (Tue, 05 May 2020)

Log Message

Crash in match_constness<WebCore::CSSValue, WebCore::CSSPrimitiveValue>::type& WTF::downcast<WebCore::CSSPrimitiveValue, WebCore::CSSValue> -- ASAN
https://bugs.webkit.org/show_bug.cgi?id=211479


Patch by Pinki Gyanchandani <pgyanchand...@apple.com> on 2020-05-05
Reviewed by Geoffrey Garen.

Added check to downcast CSSValue to CSSPrimitiveValue, only if valid CSSPrimitveValue is associated with the property.

New test would be added to Internal repository.

* css/StyleProperties.cpp:
(WebCore::StyleProperties::pageBreakPropertyValue const):

Modified Paths

trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/css/StyleProperties.cpp

Diff

Modified: trunk/Source/WebCore/ChangeLog (261207 => 261208)


--- trunk/Source/WebCore/ChangeLog	2020-05-06 00:11:10 UTC (rev 261207)
+++ trunk/Source/WebCore/ChangeLog	2020-05-06 01:40:57 UTC (rev 261208)
@@ -1,3 +1,17 @@
+2020-05-05  Pinki Gyanchandani  <pgyanchand...@apple.com>
+
+        Crash in match_constness<WebCore::CSSValue, WebCore::CSSPrimitiveValue>::type& WTF::downcast<WebCore::CSSPrimitiveValue, WebCore::CSSValue> -- ASAN
+        https://bugs.webkit.org/show_bug.cgi?id=211479
+
+        Reviewed by Geoffrey Garen.
+    
+        Added check to downcast CSSValue to CSSPrimitiveValue, only if valid CSSPrimitveValue is associated with the property.
+
+        New test would be added to Internal repository.
+
+        * css/StyleProperties.cpp:
+        (WebCore::StyleProperties::pageBreakPropertyValue const):
+
 2020-05-05  Peng Liu  <peng.l...@apple.com>
 
         Update WebKitTestRunner to support running multiple video fullscreen and Picture-in-Picture tests simultaneously

Modified: trunk/Source/WebCore/css/StyleProperties.cpp (261207 => 261208)


--- trunk/Source/WebCore/css/StyleProperties.cpp	2020-05-06 00:11:10 UTC (rev 261207)
+++ trunk/Source/WebCore/css/StyleProperties.cpp	2020-05-06 01:40:57 UTC (rev 261208)
@@ -743,6 +743,10 @@
     // FIXME: Remove this isGlobalKeyword check after we do this consistently for all shorthands in getPropertyValue.
     if (value->isGlobalKeyword())
         return value->cssText();
+    
+    if (!is<CSSPrimitiveValue>(*value))
+        return String();
+    
     CSSValueID valueId = downcast<CSSPrimitiveValue>(*value).valueID();
     switch (valueId) {
     case CSSValuePage:

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes