Title: [261524] branches/safari-609-branch/Source/WebCore
- Revision
- 261524
- Author
- [email protected]
- Date
- 2020-05-11 17:22:08 -0700 (Mon, 11 May 2020)
Log Message
Cherry-pick r261208. rdar://problem/62978272
Crash in match_constness<WebCore::CSSValue, WebCore::CSSPrimitiveValue>::type& WTF::downcast<WebCore::CSSPrimitiveValue, WebCore::CSSValue> -- ASAN
https://bugs.webkit.org/show_bug.cgi?id=211479
Patch by Pinki Gyanchandani <[email protected]> on 2020-05-05
Reviewed by Geoffrey Garen.
Added check to downcast CSSValue to CSSPrimitiveValue, only if valid CSSPrimitveValue is associated with the property.
New test would be added to Internal repository.
* css/StyleProperties.cpp:
(WebCore::StyleProperties::pageBreakPropertyValue const):
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@261208 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Modified Paths
Diff
Modified: branches/safari-609-branch/Source/WebCore/ChangeLog (261523 => 261524)
--- branches/safari-609-branch/Source/WebCore/ChangeLog 2020-05-12 00:22:05 UTC (rev 261523)
+++ branches/safari-609-branch/Source/WebCore/ChangeLog 2020-05-12 00:22:08 UTC (rev 261524)
@@ -1,5 +1,38 @@
2020-05-07 Russell Epstein <[email protected]>
+ Cherry-pick r261208. rdar://problem/62978272
+
+ Crash in match_constness<WebCore::CSSValue, WebCore::CSSPrimitiveValue>::type& WTF::downcast<WebCore::CSSPrimitiveValue, WebCore::CSSValue> -- ASAN
+ https://bugs.webkit.org/show_bug.cgi?id=211479
+
+ Patch by Pinki Gyanchandani <[email protected]> on 2020-05-05
+ Reviewed by Geoffrey Garen.
+
+ Added check to downcast CSSValue to CSSPrimitiveValue, only if valid CSSPrimitveValue is associated with the property.
+
+ New test would be added to Internal repository.
+
+ * css/StyleProperties.cpp:
+ (WebCore::StyleProperties::pageBreakPropertyValue const):
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@261208 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2020-05-05 Pinki Gyanchandani <[email protected]>
+
+ Crash in match_constness<WebCore::CSSValue, WebCore::CSSPrimitiveValue>::type& WTF::downcast<WebCore::CSSPrimitiveValue, WebCore::CSSValue> -- ASAN
+ https://bugs.webkit.org/show_bug.cgi?id=211479
+
+ Reviewed by Geoffrey Garen.
+
+ Added check to downcast CSSValue to CSSPrimitiveValue, only if valid CSSPrimitveValue is associated with the property.
+
+ New test would be added to Internal repository.
+
+ * css/StyleProperties.cpp:
+ (WebCore::StyleProperties::pageBreakPropertyValue const):
+
+2020-05-07 Russell Epstein <[email protected]>
+
Cherry-pick r260682. rdar://problem/62978266
[WTF] allThreads registration is racy with allThreads unregistration
Modified: branches/safari-609-branch/Source/WebCore/css/StyleProperties.cpp (261523 => 261524)
--- branches/safari-609-branch/Source/WebCore/css/StyleProperties.cpp 2020-05-12 00:22:05 UTC (rev 261523)
+++ branches/safari-609-branch/Source/WebCore/css/StyleProperties.cpp 2020-05-12 00:22:08 UTC (rev 261524)
@@ -751,6 +751,10 @@
// FIXME: Remove this isGlobalKeyword check after we do this consistently for all shorthands in getPropertyValue.
if (value->isGlobalKeyword())
return value->cssText();
+
+ if (!is<CSSPrimitiveValue>(*value))
+ return String();
+
CSSValueID valueId = downcast<CSSPrimitiveValue>(*value).valueID();
switch (valueId) {
case CSSValuePage:
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
