Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 512db2970b3849fa5602ada60984e1d0eb4c0295
https://github.com/WebKit/WebKit/commit/512db2970b3849fa5602ada60984e1d0eb4c0295
Author: Sam Weinig <[email protected]>
Date: 2025-07-09 (Wed, 09 Jul 2025)
Changed paths:
A
LayoutTests/fast/css/resolve-zero-length-with-infinite-zoom-factor-crash-expected.txt
A
LayoutTests/fast/css/resolve-zero-length-with-infinite-zoom-factor-crash.html
M Source/WebCore/css/values/primitives/CSSPrimitiveNumericRange.h
M Source/WebCore/rendering/style/RenderStyleSetters.h
Log Message:
-----------
ASAN_TRAP | Style::CSSValueConversion::operator;
Style::BuilderFunctions::applyValueScrollPaddingRight;
Style::BuilderGenerated::applyProperty
https://bugs.webkit.org/show_bug.cgi?id=295239
Reviewed by Darin Adler and Ryosuke Niwa.
Adds a maximum value to the used zoom value (to go with the existing minimum
value)
to avoid cases where the used zoom could become infinite, which would cause 0
length
values to become NaN (0.0 * +Infinity == NaN) when applying zoom in length
resolution.
Adds an additional layer of protection to CSS numeric value clamping code,
ensuring
all clamps ensure a finite value.
Test case by Frédéric Wang.
*
LayoutTests/fast/css/resolve-zero-length-with-infinite-zoom-factor-crash-expected.txt:
Added.
*
LayoutTests/fast/css/resolve-zero-length-with-infinite-zoom-factor-crash.html:
Added.
* Source/WebCore/css/values/primitives/CSSPrimitiveNumericRange.h:
* Source/WebCore/rendering/style/RenderStyleSetters.h:
Canonical link: https://commits.webkit.org/297165@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
