Branch: refs/heads/webkitglib/2.50
Home: https://github.com/WebKit/WebKit
Commit: 5f46d8586a2a02a4681fc61002a099b4eafdc5f7
    https://github.com/WebKit/WebKit/commit/5f46d8586a2a02a4681fc61002a099b4eafdc5f7
Author: Rob Buis <rb...@igalia.com>
Date: 2025-08-28 (Thu, 28 Aug 2025)

Changed paths:
    A LayoutTests/fast/multicol/null-enclosing-fragmented-flow-crash-expected.txt
    A LayoutTests/fast/multicol/null-enclosing-fragmented-flow-crash.html
    M Source/WebCore/rendering/RenderBlock.cpp

Log Message:
-----------
Cherry-pick 298421@main (c3e39daf3a05). https://bugs.webkit.org/show_bug.cgi?id=289389

    ASAN_TRAP | WebCore::RenderFragmentedFlow::setFragmentRangeForBox; WebCore::RenderBlockFlow::layoutBlockChild; WebCore::RenderBlockFlow::layoutBlockChildren
    https://bugs.webkit.org/show_bug.cgi?id=289389

    Reviewed by Alan Baradlay.

    The method updateCachedEnclosingFragmentedFlow can be called with a null value
    for the fragmentedFlow parameter while the render tree is not fully built yet,
    leading to possible assertion failures later. To fix this, do not cache null
    values for the enclosing fragmented flow and instead make sure the enclosing
    fragmented flow is set to null.

    * LayoutTests/fast/multicol/null-enclosing-fragmented-flow-crash-expected.txt: Added.
    * LayoutTests/fast/multicol/null-enclosing-fragmented-flow-crash.html: Added.
    * Source/WebCore/rendering/RenderBlock.cpp:
    (WebCore::RenderBlock::updateCachedEnclosingFragmentedFlow const):

    Originally-landed-as: 292955.5@webkit-2025.4-embargoed (65ae446abd0b). rdar://157794730
    Canonical link: https://commits.webkit.org/298421@main

Canonical link: https://commits.webkit.org/298234.70@webkitglib/2.50