Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 8b62fda7097bfee9488a412c9d1f52a0393887c3
https://github.com/WebKit/WebKit/commit/8b62fda7097bfee9488a412c9d1f52a0393887c3
Author: Antti Koivisto <[email protected]>
Date: 2023-04-27 (Thu, 27 Apr 2023)
Changed paths:
A LayoutTests/fast/css/custom-properties/at-property-calc-crash-expected.txt
A LayoutTests/fast/css/custom-properties/at-property-calc-crash.html
M Source/WebCore/css/CSSCustomPropertyValue.cpp
M Source/WebCore/css/calc/CSSCalcValue.cpp
Log Message:
-----------
[@property] Nullptr crash with calc()
https://bugs.webkit.org/show_bug.cgi?id=256032
rdar://105491386
Reviewed by Alan Baradlay.
* LayoutTests/fast/css/custom-properties/at-property-calc-crash.html: Added.
* LayoutTests/fast/css/custom-properties/at-property-calc-crash-expected.txt:
Added.
* Source/WebCore/css/CSSCustomPropertyValue.cpp:
(WebCore::CSSCustomPropertyValue::customCSSText const):
Ensure that we don't crash even if the calc expression building returns null.
* Source/WebCore/css/calc/CSSCalcValue.cpp:
(WebCore::createCSS):
Limit zero-length elimination when constructing CSSCalcExpressionNodes from
CalcExpressionNodes to sum and substract expressions.
With other expression types eliminating zeroes can lead to miscomputing the
expression unit category and
the building code returning null.
Canonical link: https://commits.webkit.org/263453@main
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
