Chromium Code Reviews

Issue 223673008: [CSS Shapes] CRASH with calc() value args in inset round (Closed)

Created:
6 years, 8 months ago by rwlbuis
Modified:
6 years, 8 months ago
CC:
blink-reviews, ed+blinkwatch_opera.com, dglazkov+blink, apavlov+blink_chromium.org, darktears, rune+blink, rwlbuis, alancutter (OOO until 2018), Mike Lawther (Google)
Base URL:
https://chromium.googlesource.com/chromium/blink.git@master
Visibility:
Public.

Description

[CSS Shapes] CRASH with calc() value args in inset round

The code to parse the inset rounded corners was adding the parser value arguments to a temporary CSSParserValueList. Unfortunately, CSSParserValueList expects to own the values it contains, and it frees the values it contains when the list is destroyed. This was a problem because the values are owned by the CSSParserValueList passed in to parseInsetRoundedCorners, and thus the calc's argument list would get double freed, resulting in a crash.

This patch fixes this by using a Vector to hold the pointers instead.

This is a merge of http://trac.webkit.org/changeset/166726 by Bem Jones-Bey <bjonesbe@adobe.com>.

BUG=350055

Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=170799
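The ownership mismatch described above, as an added example that is not part of the original change or of Blink's code. `Value`, `OwningList` and both functions are hypothetical stand-ins, and a release is counted rather than performed so the double release can be observed without undefined behaviour.

```cpp
#include <algorithm>
#include <vector>

// Constructed stand-in for a parser value. `releases` counts how many owners
// released it; a real value would be freed, so 2 here means a double free.
struct Value { int releases = 0; };

// Hypothetical owning container modelled on the described CSSParserValueList
// behaviour: it releases every value it contains when it is destroyed.
class OwningList {
public:
    void add(Value* v) { items_.push_back(v); }
    ~OwningList() { for (Value* v : items_) ++v->releases; }
private:
    std::vector<Value*> items_;
};

static int worstReleaseCount(const Value (&values)[4]) {
    int worst = 0;
    for (const Value& v : values) worst = std::max(worst, v.releases);
    return worst;
}

// Before the fix: borrowed values are collected into a temporary owning list.
int releasesWithTemporaryOwningList() {
    Value storage[4];                       // constructed sample arguments
    {
        OwningList args;                    // the list passed in: the real owner
        for (Value& v : storage) args.add(&v);
        {
            OwningList radii;               // temporary that also claims ownership
            for (Value& v : storage) radii.add(&v);
        }                                   // temporary destroyed: first release
    }                                       // real owner destroyed: second release
    return worstReleaseCount(storage);
}

// After the fix: a plain vector holds the pointers and releases nothing.
int releasesWithBorrowingVector() {
    Value storage[4];
    {
        OwningList args;
        for (Value& v : storage) args.add(&v);
        {
            std::vector<Value*> radii;      // non-owning view of the same values
            for (Value& v : storage) radii.push_back(&v);
        }                                   // nothing released here
    }                                       // single release by the real owner
    return worstReleaseCount(storage);
}
```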

Patch Set 1 #

Stats (+18 lines, -2 lines)
A LayoutTests/fast/shapes/shape-outside-floats/shape-outside-inset-round-calc-crash.html (1 chunk, +16 lines, -0 lines)
A + LayoutTests/fast/shapes/shape-outside-floats/shape-outside-inset-round-calc-crash-expected.txt (0 chunks, +-1 lines, --1 lines)
M Source/core/css/parser/CSSPropertyParser.cpp (2 chunks, +3 lines, -3 lines)

Messages

Total messages: 6 (0 generated)
Bem Jones-Bey (adobe)
lgtm
6 years, 8 months ago (2014-04-03 20:19:59 UTC) #1
rwlbuis
PTAL Crash fixes are always nice to have IMHO :)
6 years, 8 months ago (2014-04-03 20:48:32 UTC) #2
eseidel
lgtm
6 years, 8 months ago (2014-04-03 20:49:36 UTC) #3
rwlbuis
The CQ bit was checked by rob.buis@samsung.com
6 years, 8 months ago (2014-04-03 21:00:49 UTC) #4
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/rob.buis@samsung.com/223673008/1
6 years, 8 months ago (2014-04-03 21:01:10 UTC) #5
commit-bot: I haz the power
6 years, 8 months ago (2014-04-03 22:09:03 UTC) #6
Message was sent while issue was closed.
Change committed as 170799
