Chromium Code Reviews

Issue 493093002: [CSS Grid Layout] Heap-buffer-overflow in std::sort() (Closed)

Created: 6 years, 4 months ago by svillar
Modified: 6 years, 3 months ago
CC: blink-reviews, blink-reviews-rendering, eae+blinkwatch, jchaffraix+rendering, jfernandez, leviw+renderwatch, pdr., Manuel Rego, rune+blink, zoltan1
Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Project: blink
Visibility: Public.

Description

[CSS Grid Layout] Heap-buffer-overflow in std::sort()

r179621 added support to handle infinite sizes to the sortByGridTrackGrowthPotential() sorting function. The problem is that it broke the strict weak ordering required by std::sort when the compared items had both infinite maximum sizes, so the algorithm was going nuts.

BUG=401983, 402508, 402757

Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=181634
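The failure mode named in the description, as an added example that is not the Blink patch or any code from this review: a constructed comparator that answers true for two infinite tracks, next to a corrected one, with a checker for the irreflexivity and asymmetry that std::sort requires. `Track`, `lessFlawed`, `lessFixed`, the helper names and the sample values are hypothetical.

```cpp
#include <algorithm>
#include <cstdio>
#include <limits>
#include <vector>

const double kInf = std::numeric_limits<double>::infinity();
// Hypothetical stand-in for a grid track (not Blink's GridTrack).
struct Track { double used; double max; };  // max == kInf: no upper limit

// Flawed: two infinite tracks are "less" than each other and than themselves.
// std::sort assumes that cannot happen and may read or write out of bounds.
bool lessFlawed(const Track& a, const Track& b) {
    if (a.max == kInf) return b.max == kInf;
    if (b.max == kInf) return true;
    return (a.max - a.used) < (b.max - b.used);
}

// Corrected: infinite tracks are equivalent to each other and sort last.
bool lessFixed(const Track& a, const Track& b) {
    if (a.max == kInf) return false;  // infinite is never less than anything
    if (b.max == kInf) return true;   // finite < infinite
    return (a.max - a.used) < (b.max - b.used);
}

// Counts irreflexivity (x < x) and asymmetry (x < y and y < x) violations.
template <typename Cmp>
int countOrderingViolations(const std::vector<Track>& v, Cmp cmp) {
    int bad = 0;
    for (std::size_t i = 0; i < v.size(); ++i) {
        if (cmp(v[i], v[i])) ++bad;
        for (std::size_t j = i + 1; j < v.size(); ++j)
            if (cmp(v[i], v[j]) && cmp(v[j], v[i])) ++bad;
    }
    return bad;
}

// Constructed sample: two finite tracks and two infinite ones.
std::vector<Track> sampleTracks() { return {{10, 50}, {0, kInf}, {20, kInf}, {5, 30}}; }

// Only the corrected comparator is ever handed to std::sort.
std::vector<Track> sortedByGrowthPotential(std::vector<Track> v) {
    std::sort(v.begin(), v.end(), lessFixed);
    return v;
}

int main() {
    std::printf("flawed: %d, fixed: %d\n",
                countOrderingViolations(sampleTracks(), lessFlawed),
                countOrderingViolations(sampleTracks(), lessFixed));
}
```

A pairwise check like this can run in a unit test or a debug-only assertion over real comparator inputs, which catches the ordering violation before std::sort turns it into memory corruption.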

Patch Set 1 #

Total comments: 1

Patch Set 2 : Patch for landing #

Stats (+26 lines, -4 lines)
A LayoutTests/fast/css-grid-layout/grid-strict-ordering-crash-2.html (1 chunk, +16 lines, -0 lines, 0 comments)
A LayoutTests/fast/css-grid-layout/grid-strict-ordering-crash-2-expected.txt (1 chunk, +4 lines, -0 lines, 0 comments)
M Source/core/rendering/RenderGrid.cpp (1 chunk, +6 lines, -4 lines, 0 comments)

Messages

Total messages: 14 (1 generated)
svillar
Sending for review. Amazingly we had the same issue in that same function back in ...
6 years, 4 months ago (2014-08-21 14:01:52 UTC) #1
cbiesinger
lgtm
6 years, 4 months ago (2014-08-21 20:48:00 UTC) #2
svillar
The CQ bit was checked by svillar@igalia.com
6 years, 4 months ago (2014-08-22 07:25:10 UTC) #3
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/svillar@igalia.com/493093002/1
6 years, 4 months ago (2014-08-22 07:26:15 UTC) #4
commit-bot: I haz the power
FYI, CQ is re-trying this CL (attempt #1). The failing builders are: android_chromium_gn_compile_rel on tryserver.blink ...
6 years, 4 months ago (2014-08-22 08:23:15 UTC) #5
commit-bot: I haz the power
The CQ bit was unchecked by commit-bot@chromium.org
6 years, 4 months ago (2014-08-22 08:25:23 UTC) #6
commit-bot: I haz the power
Try jobs failed on following builders: blink_presubmit on tryserver.blink (http://build.chromium.org/p/tryserver.blink/builders/blink_presubmit/builds/13480)
6 years, 4 months ago (2014-08-22 08:25:24 UTC) #7
svillar
On 2014/08/22 08:25:24, I haz the power (commit-bot) wrote: > Try jobs failed on following ...
6 years, 4 months ago (2014-08-22 14:03:13 UTC) #8
cbiesinger
On 2014/08/22 14:03:13, svillar wrote: > On 2014/08/22 08:25:24, I haz the power (commit-bot) wrote: ...
6 years, 4 months ago (2014-08-22 20:53:46 UTC) #9
svillar
@jchaffraix, @esprehn: anyone?
6 years, 4 months ago (2014-08-26 09:11:52 UTC) #10
Julien - ping for review
Another weak ordering fun bug /o\
LGTM
https://codereview.chromium.org/493093002/diff/1/Source/core/rendering/RenderGrid.cpp
File Source/core/rendering/RenderGrid.cpp (right):
https://codereview.chromium.org/493093002/diff/1/Source/core/rendering/RenderGrid.cpp#newcode745
Source/core/rendering/RenderGrid.cpp:745: if (track1->m_maxBreadth ...
6 years, 3 months ago (2014-09-08 21:10:14 UTC) #11
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/svillar@igalia.com/493093002/20001
6 years, 3 months ago (2014-09-09 10:23:57 UTC) #13
commit-bot: I haz the power
6 years, 3 months ago (2014-09-09 11:26:18 UTC) #14
Message was sent while issue was closed.
Committed patchset #2 (id:20001) as 181634
