Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: dcecfc5f12b84d9ccad149a4aeb8d02b115b132b
https://github.com/WebKit/WebKit/commit/dcecfc5f12b84d9ccad149a4aeb8d02b115b132b
Author: Chris Dumez <[email protected]>
Date: 2026-06-04 (Thu, 04 Jun 2026)
Changed paths:
M Source/WebCore/platform/graphics/PlatformTimeRanges.cpp
Log Message:
-----------
PlatformTimeRanges::operator-= constructs a Vector with two phantom Range
elements
https://bugs.webkit.org/show_bug.cgi?id=316183
Reviewed by Jean-Yves Avenard.
operator-=(const Range&) initializes its working list with
"Vector<Range> ranges { 2 };", which invokes WTF::Vector(size_t) and
default-constructs two Range elements (each Range(MediaTime(0),
MediaTime(0))) before the two real entries are appended. The intent
was to reserve capacity for two upcoming appends.
In practice the phantom Range(0, 0) entries are absorbed by the
"(-inf, 0)" boundary range that intersectWith() generates during its
invert step, so the observable result is correct for non-negative
MediaTime inputs. With m_ranges[0].start < 0, however, the phantoms
violate the sorted-and-disjoint invariant the rest of the algorithm
relies on and trip ASSERT(start <= end) inside add().
Switch to reserveInitialCapacity(2) so only the two real ranges end
up in the working list.
* Source/WebCore/platform/graphics/PlatformTimeRanges.cpp:
(WebCore::PlatformTimeRanges::operator-=):
Canonical link: https://commits.webkit.org/314544@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
