Issue 10970020: Merge 129144 - Prevent reading stale data from InlineTextBoxes

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Issue 10970020: Merge 129144 - Prevent reading stale data from InlineTextBoxes (Closed)

Created:
8 years, 3 months ago by leviw_travelin_and_unemployed

Modified:
8 years, 3 months ago

Reviewers:
leviw_travelin_and_unemployed

CC:
chromium-reviews

Base URL:
http://svn.webkit.org/repository/webkit/branches/chromium/1229/

Visibility:
Public.

More Reviews

Description

Merge 129144 - Prevent reading stale data from InlineTextBoxes https://bugs.webkit.org/show_bug.cgi?id=94750 Reviewed by Eric Seidel. Text from dirty InlineTextBoxes should never be read or used. This change enforces this design goal by forcefully zero-ing out the start and length of InlineTextBoxes when they're being marked dirty. It also adds asserts to accessors for those members. This change involves making markDirty virtual. Running the line-layout performance test as well as profiling resizing the html5 spec showed negligable impact with this change. No new tests as this doesn't change any proper behavior. * rendering/InlineBox.h: (WebCore::InlineBox::markDirty): Making virtual to allow InlineTextBox to overload and zero out its start and length. * rendering/InlineTextBox.cpp: (WebCore::InlineTextBox::markDirty): Zeroing out start and length when we mark the box dirty. * rendering/InlineTextBox.h: (WebCore::InlineTextBox::start): Adding an assert when we hit this case. (WebCore::InlineTextBox::end): Ditto. (WebCore::InlineTextBox::len): Ditto. (WebCore::InlineTextBox::offsetRun): Ditto. TBR=leviw@chromium.org Committed: https://trac.webkit.org/changeset/129147

Patch Set 1 #

Created: 8 years, 3 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Stats (+16 lines, -5 lines)			Patch
M	Source/WebCore/rendering/InlineBox.h	View	1 chunk	+1 line, -1 line	0 comments	Download
M	Source/WebCore/rendering/InlineTextBox.h	View	1 chunk	+6 lines, -4 lines	0 comments	Download
M	Source/WebCore/rendering/InlineTextBox.cpp	View	1 chunk	+9 lines, -0 lines	0 comments	Download

Messages

Total messages: 1 (0 generated)

Expand Messages | Collapse Messages