Title: [290922] branches/safari-613-branch/Source/WebCore
Revision: 290922
Author: [email protected]
Date: 2022-03-07 14:09:22 -0800 (Mon, 07 Mar 2022)

Log Message

Cherry-pick r289597. rdar://problem/88324745

    Check bidiLevels are valid before reordering
    https://bugs.webkit.org/show_bug.cgi?id=236378

    Patch by Brandon Stewart <[email protected]> on 2022-02-10
    Reviewed by Alan Bujtas.

    We were trusting that the bidiLevel was valid before calling the reorder.
    If the bidiLevel ends up being greater than the MAX + 1 we end up in a situation where
    the reordering will fail. The function returns void, so there is not a good way to check
    for an error.

    * layout/formattingContexts/inline/InlineLineBuilder.cpp:
    (WebCore::Layout::LineBuilder::layoutInlineContent):

    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@289597 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Modified Paths

Diff

Modified: branches/safari-613-branch/Source/WebCore/ChangeLog (290921 => 290922)


--- branches/safari-613-branch/Source/WebCore/ChangeLog	2022-03-07 22:09:18 UTC (rev 290921)
+++ branches/safari-613-branch/Source/WebCore/ChangeLog	2022-03-07 22:09:22 UTC (rev 290922)
@@ -1,5 +1,40 @@
 2022-03-07  Russell Epstein  <[email protected]>
 
+        Cherry-pick r289597. rdar://problem/88324745
+
+    Check bidiLevels are valid before reordering
+    https://bugs.webkit.org/show_bug.cgi?id=236378
+    
+    Patch by Brandon Stewart <[email protected]> on 2022-02-10
+    Reviewed by Alan Bujtas.
+    
+    We were trusting that the bidiLevel was valid before calling the reorder.
+    If the bidiLevel ends up being greater than the MAX + 1 we end up in a situation where
+    the reordering will fail. The function returns void, so there is not a good way to check
+    for an error.
+    
+    * layout/formattingContexts/inline/InlineLineBuilder.cpp:
+    (WebCore::Layout::LineBuilder::layoutInlineContent):
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@289597 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2022-02-10  Brandon Stewart  <[email protected]>
+
+            Check bidiLevels are valid before reordering
+            https://bugs.webkit.org/show_bug.cgi?id=236378
+
+            Reviewed by Alan Bujtas.
+
+            We were trusting that the bidiLevel was valid before calling the reorder.
+            If the bidiLevel ends up being greater than the MAX + 1 we end up in a situation where
+            the reordering will fail. The function returns void, so there is not a good way to check
+            for an error.
+
+            * layout/formattingContexts/inline/InlineLineBuilder.cpp:
+            (WebCore::Layout::LineBuilder::layoutInlineContent):
+
+2022-03-07  Russell Epstein  <[email protected]>
+
         Cherry-pick r289533. rdar://problem/88452971
 
     Settling of a fetch promise should be delayed in case page is entering page cache
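Review bot: The added entry never names the limit it is about ("greater than the MAX + 1") or the function that "returns void", and its file list names only InlineLineBuilder.cpp with no test. Suggest spelling out the constant (the code change compares against UBIDI_MAX_EXPLICIT_LEVEL + 1) and the callee (the code comment identifies it as ubidi_reorderVisual), and either listing a regression test or saying why none is included, so the entry can be read without opening the diff.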

Modified: branches/safari-613-branch/Source/WebCore/layout/formattingContexts/inline/InlineLineBuilder.cpp (290921 => 290922)


--- branches/safari-613-branch/Source/WebCore/layout/formattingContexts/inline/InlineLineBuilder.cpp	2022-03-07 22:09:18 UTC (rev 290921)
+++ branches/safari-613-branch/Source/WebCore/layout/formattingContexts/inline/InlineLineBuilder.cpp	2022-03-07 22:09:22 UTC (rev 290922)
@@ -329,6 +329,14 @@
                 hasOpaqueRun = true;
                 continue;
             }
+
+            // bidiLevels are required to be less than the MAX + 1, otherwise
+            // ubidi_reorderVisual will silently fail.
+            if (lineRuns[i].bidiLevel() > UBIDI_MAX_EXPLICIT_LEVEL + 1) {
+                ASSERT(lineRuns[i].bidiLevel() == UBIDI_DEFAULT_LTR);
+                continue;
+            }
+
             runLevels.append(lineRuns[i].bidiLevel());
             runIndexOffsetMap.append(accumulatedOffset);
         }
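Review bot: In the new if block the comment and the condition disagree on the boundary: the comment says levels must be "less than the MAX + 1", but bidiLevel() > UBIDI_MAX_EXPLICIT_LEVEL + 1 lets a level equal to MAX + 1 through. The ChangeLog wording ("greater than the MAX + 1") matches the condition, so the comment should read "no greater than". Two further points. The ASSERT records that UBIDI_DEFAULT_LTR is the only out-of-range value expected, but where ASSERT compiles out any other out-of-range level is skipped without a trace; a short comment on why that sentinel can reach this loop would help. Also, the skipped run appends nothing to runLevels or runIndexOffsetMap and, unlike the opaque-run branch just above, sets no flag; please confirm that the code mapping the reordered indices back through runIndexOffsetMap still lines up with lineRuns when a run is dropped here.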
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
