Chromium Code Reviews

Issue 13852041: Harden column splitting code against bad casts. Make sure that |curr| is a descendant of |fromBlock… (Closed)

Created:
7 years, 8 months ago by inferno
Modified:
7 years, 8 months ago
CC:
blink-reviews, jchaffraix+rendering, eseidel, leviw_travelin_and_unemployed
Visibility:
Public.

Description

Harden column splitting code against bad casts. Make sure that |curr| is a descendant of |fromBlock|. We need to check in every iteration of the loop because moveChildrenTo could have moved |curr|. This is a mitigation and not really a fix against a class of tree craziness.

BUG=189089
TEST=none since current fuzzed testcase does not minimize

Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=148760
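As an added illustration of why the guard must be re-evaluated on every iteration (this is not code from the Chromium change or from the Blink tree), the toy tree below gives the loop body a moveChildrenTo call that reparents |curr| out of |fromBlock|; Node, WalkResult, splitWalk and runScenario are constructed for this example and only stand in for the real rendering objects.

```cpp
#include <vector>
// Constructed toy tree (not Blink's RenderObject): a parent pointer and a child
// list are enough to model isDescendantOf and a moveChildrenTo that can carry
// the node the loop is holding out of |fromBlock|.
struct Node {
    Node* parent = nullptr;
    std::vector<Node*> children;
    void appendChild(Node* child) { child->parent = this; children.push_back(child); }
    bool isDescendantOf(const Node* ancestor) const {  // proper-ancestor test
        for (const Node* p = parent; p; p = p->parent)
            if (p == ancestor) return true;
        return false;
    }
    void moveChildrenTo(Node* to) {  // reparent every child of this node onto |to|
        for (Node* c : children) to->appendChild(c);
        children.clear();
    }
};

struct WalkResult {
    int touched;  // loop iterations
    int escaped;  // iterations that started with |curr| outside |fromBlock|
};

// Simplified splitting walk from |curr| up toward |fromBlock|. Each iteration moves
// the children of |curr|'s parent (|curr| included) to |toBlock| when that parent is
// inside |fromBlock|, standing in for the real loop's moveChildrenTo calls.
WalkResult splitWalk(Node* curr, Node* fromBlock, Node* toBlock, bool guardEveryIteration) {
    WalkResult r{0, 0};
    auto inside = [&] { return curr && curr->isDescendantOf(fromBlock) && curr != fromBlock; };
    bool keepGoing = inside();  // both variants test once before entering
    while (keepGoing) {
        ++r.touched;
        if (!curr->isDescendantOf(fromBlock)) ++r.escaped;  // holding a node assumed to be in |fromBlock|
        Node* parent = curr->parent;
        if (parent && parent->isDescendantOf(fromBlock))
            parent->moveChildrenTo(toBlock);  // may reparent |curr| itself
        curr = curr->parent;                  // |toBlock| if |curr| was just moved
        keepGoing = guardEveryIteration ? inside() : (curr && curr != fromBlock);
    }
    return r;
}

// Scenario: root{fromBlock{mid{leaf}}, toBlock}; the walk starts at |leaf|.
WalkResult runScenario(bool guardEveryIteration) {
    Node root, fromBlock, mid, leaf, toBlock;
    root.appendChild(&fromBlock); root.appendChild(&toBlock);
    fromBlock.appendChild(&mid); mid.appendChild(&leaf);
    return splitWalk(&leaf, &fromBlock, &toBlock, guardEveryIteration);
}
```

With the patched condition the walk stops after one iteration; with the original condition it keeps climbing through |toBlock| and the root, two nodes that are no longer inside |fromBlock|.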

Patch Set 1 #

Total comments: 1
Stats: +1 line, -1 line
M Source/core/rendering/RenderBlock.cpp (1 chunk: +1 line, -1 line; 1 comment)

Messages

Total messages: 10 (0 generated)
Julien - ping for review
LGTM but it is probably worth mentioning that this is a mitigation (not really a ...
7 years, 8 months ago (2013-04-19 21:21:50 UTC) #1
inferno
On 2013/04/19 21:21:50, Julien Chaffraix wrote: > LGTM but it is probably worth mentioning that ...
7 years, 8 months ago (2013-04-19 21:23:08 UTC) #2
esprehn
https://codereview.chromium.org/13852041/diff/1/Source/core/rendering/RenderBlock.cpp File Source/core/rendering/RenderBlock.cpp (right): https://codereview.chromium.org/13852041/diff/1/Source/core/rendering/RenderBlock.cpp#newcode628 Source/core/rendering/RenderBlock.cpp:628: while (curr && curr->isDescendantOf(fromBlock) && curr != fromBlock) { ...
7 years, 8 months ago (2013-04-19 21:24:52 UTC) #3
inferno
On 2013/04/19 21:24:52, esprehn wrote: > https://codereview.chromium.org/13852041/diff/1/Source/core/rendering/RenderBlock.cpp > File Source/core/rendering/RenderBlock.cpp (right): > > https://codereview.chromium.org/13852041/diff/1/Source/core/rendering/RenderBlock.cpp#newcode628 > ...
7 years, 8 months ago (2013-04-19 21:27:29 UTC) #4
inferno
On 2013/04/19 21:27:29, inferno wrote: > On 2013/04/19 21:24:52, esprehn wrote: > > > https://codereview.chromium.org/13852041/diff/1/Source/core/rendering/RenderBlock.cpp ...
7 years, 8 months ago (2013-04-19 21:29:47 UTC) #5
esprehn
Could you mention in the issue description that you need to check this in every ...
7 years, 8 months ago (2013-04-19 21:33:19 UTC) #6
inferno
On 2013/04/19 21:33:19, esprehn wrote: > Could you mention in the issue description that you ...
7 years, 8 months ago (2013-04-19 21:34:17 UTC) #7
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/inferno@chromium.org/13852041/1
7 years, 8 months ago (2013-04-19 21:35:02 UTC) #8
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/inferno@chromium.org/13852041/1
7 years, 8 months ago (2013-04-19 21:35:22 UTC) #9
inferno
7 years, 8 months ago (2013-04-19 21:44:58 UTC) #10
Message was sent while issue was closed.
Committed patchset #1 manually as r148760 (presubmit successful).
