Title: [278975] trunk/Source/WebCore
- Revision
- 278975
- Author
- mmaxfi...@apple.com
- Date
- 2021-06-16 23:19:31 -0700 (Wed, 16 Jun 2021)
Log Message
Make FontFaceSet::Iterator's bounds check more robust
https://bugs.webkit.org/show_bug.cgi?id=227048
<rdar://problem/78871890>
Reviewed by Simon Fraser.
We were checking for one specific bad value, when we should have been checking for all bad values.
* css/FontFaceSet.cpp:
(WebCore::FontFaceSet::Iterator::next):
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (278974 => 278975)
--- trunk/Source/WebCore/ChangeLog 2021-06-17 05:39:51 UTC (rev 278974)
+++ trunk/Source/WebCore/ChangeLog 2021-06-17 06:19:31 UTC (rev 278975)
@@ -1,3 +1,16 @@
+2021-06-16 Myles C. Maxfield <mmaxfi...@apple.com>
+
+ Make FontFaceSet::Iterator's bounds check more robust
+ https://bugs.webkit.org/show_bug.cgi?id=227048
+ <rdar://problem/78871890>
+
+ Reviewed by Simon Fraser.
+
+ We were checking for one specific bad value, when we should have been checking for all bad values.
+
+ * css/FontFaceSet.cpp:
+ (WebCore::FontFaceSet::Iterator::next):
+
2021-06-16 Chris Dumez <cdu...@apple.com>
Document's execCommand() / queryCommand*() should throw an exception on non-HTML/XHTML documents
Modified: trunk/Source/WebCore/css/FontFaceSet.cpp (278974 => 278975)
--- trunk/Source/WebCore/css/FontFaceSet.cpp 2021-06-17 05:39:51 UTC (rev 278974)
+++ trunk/Source/WebCore/css/FontFaceSet.cpp 2021-06-17 06:19:31 UTC (rev 278975)
@@ -93,7 +93,7 @@
RefPtr<FontFace> FontFaceSet::Iterator::next()
{
- if (m_index == m_target->size())
+ if (m_index >= m_target->size())
return nullptr;
return m_target->backing()[m_index++].wrapper(m_target->scriptExecutionContext());
}
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
