Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(18)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/rendering/RenderBlock.cpp

Issue 358163002: Prevent a use after free in computeBlockPreferredLogicalWidths (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Add pass expectation sice this now passes on release asan Created 6 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « LayoutTests/fast/text-autosizing/table-inflation-crash-expected.txt ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org)
3 * (C) 1999 Antti Koivisto (koivisto@kde.org) 3 * (C) 1999 Antti Koivisto (koivisto@kde.org)
4 * (C) 2007 David Smith (catfish.man@gmail.com) 4 * (C) 2007 David Smith (catfish.man@gmail.com)
5 * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserved. 5 * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserved.
6 * Copyright (C) Research In Motion Limited 2010. All rights reserved. 6 * Copyright (C) Research In Motion Limited 2010. All rights reserved.
7 * 7 *
8 * This library is free software; you can redistribute it and/or 8 * This library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Library General Public 9 * modify it under the terms of the GNU Library General Public
10 * License as published by the Free Software Foundation; either 10 * License as published by the Free Software Foundation; either
(...skipping 3642 matching lines...) Expand 10 before | Expand all | Expand 10 after
3653 RenderObject* child = firstChild(); 3653 RenderObject* child = firstChild();
3654 RenderBlock* containingBlock = this->containingBlock(); 3654 RenderBlock* containingBlock = this->containingBlock();
3655 LayoutUnit floatLeftWidth = 0, floatRightWidth = 0; 3655 LayoutUnit floatLeftWidth = 0, floatRightWidth = 0;
3656 while (child) { 3656 while (child) {
3657 // Positioned children don't affect the min/max width 3657 // Positioned children don't affect the min/max width
3658 if (child->isOutOfFlowPositioned()) { 3658 if (child->isOutOfFlowPositioned()) {
3659 child = child->nextSibling(); 3659 child = child->nextSibling();
3660 continue; 3660 continue;
3661 } 3661 }
3662 3662
3663 RenderStyle* childStyle = child->style(); 3663 RefPtr<RenderStyle> childStyle = child->style();
3664 if (child->isFloating() || (child->isBox() && toRenderBox(child)->avoids Floats())) { 3664 if (child->isFloating() || (child->isBox() && toRenderBox(child)->avoids Floats())) {
3665 LayoutUnit floatTotalWidth = floatLeftWidth + floatRightWidth; 3665 LayoutUnit floatTotalWidth = floatLeftWidth + floatRightWidth;
3666 if (childStyle->clear() & CLEFT) { 3666 if (childStyle->clear() & CLEFT) {
3667 maxLogicalWidth = std::max(floatTotalWidth, maxLogicalWidth); 3667 maxLogicalWidth = std::max(floatTotalWidth, maxLogicalWidth);
3668 floatLeftWidth = 0; 3668 floatLeftWidth = 0;
3669 } 3669 }
3670 if (childStyle->clear() & CRIGHT) { 3670 if (childStyle->clear() & CRIGHT) {
3671 maxLogicalWidth = std::max(floatTotalWidth, maxLogicalWidth); 3671 maxLogicalWidth = std::max(floatTotalWidth, maxLogicalWidth);
3672 floatRightWidth = 0; 3672 floatRightWidth = 0;
3673 } 3673 }
(...skipping 1365 matching lines...) Expand 10 before | Expand all | Expand 10 after
5039 void RenderBlock::showLineTreeAndMark(const InlineBox* markedBox1, const char* m arkedLabel1, const InlineBox* markedBox2, const char* markedLabel2, const Render Object* obj) const 5039 void RenderBlock::showLineTreeAndMark(const InlineBox* markedBox1, const char* m arkedLabel1, const InlineBox* markedBox2, const char* markedLabel2, const Render Object* obj) const
5040 { 5040 {
5041 showRenderObject(); 5041 showRenderObject();
5042 for (const RootInlineBox* root = firstRootBox(); root; root = root->nextRoot Box()) 5042 for (const RootInlineBox* root = firstRootBox(); root; root = root->nextRoot Box())
5043 root->showLineTreeAndMark(markedBox1, markedLabel1, markedBox2, markedLa bel2, obj, 1); 5043 root->showLineTreeAndMark(markedBox1, markedLabel1, markedBox2, markedLa bel2, obj, 1);
5044 } 5044 }
5045 5045
5046 #endif 5046 #endif
5047 5047
5048 } // namespace WebCore 5048 } // namespace WebCore
OLDNEW
« no previous file with comments | « LayoutTests/fast/text-autosizing/table-inflation-crash-expected.txt ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698