Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 42bd7f4d00792d04c77557feed044658f516b149 https://github.com/WebKit/WebKit/commit/42bd7f4d00792d04c77557feed044658f516b149 Author: Antti Koivisto <an...@apple.com> Date: 2023-06-29 (Thu, 29 Jun 2023)
Changed paths: M Source/WTF/wtf/CheckedRef.h M Source/WebCore/layout/formattingContexts/inline/InlineItemsBuilder.cpp Log Message: ----------- Nullptr crash in Layout::InlineItemsBuilder::collectInlineItems https://bugs.webkit.org/show_bug.cgi?id=258664 rdar://111272076 Reviewed by Alan Baradlay. Looks like a null item in LayoutQueue. * Source/WTF/wtf/CheckedRef.h: (WTF::downcast): Add CheckedRef<const Foo> version of downcast<>. * Source/WebCore/layout/formattingContexts/inline/InlineItemsBuilder.cpp: (WebCore::Layout::traverseUntilDamaged): Make LayoutQueue use CheckedRef. (WebCore::Layout::initializeLayoutQueue): Test for null formattingContextRoot.firstChild() first so we don't add a nullptr to LayoutQueue. (WebCore::Layout::InlineItemsBuilder::collectInlineItems): Canonical link: https://commits.webkit.org/265618@main _______________________________________________ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes