Bug 253165

Summary: Make sure child is a RenderElement before trying to pass it into shouldChildInlineMarginContributeToContainerIntrinsicSize in RenderBlock::computeBlockPreferredLogicalWidths
Product: WebKit
Component: Layout and Rendering
Status: RESOLVED FIXED
Severity: Normal
Priority: P2
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Reporter: Sammy Gill <sgill26>
Assignee: Sammy Gill <sgill26>
CC: bfulgham, simon.fraser, webkit-bug-importer, zalan
Keywords: InRadar

Description Sammy Gill 2023-03-01 09:54:34 PST
The assumption about this code currently is that child cannot be a RenderText within RenderBlock::computeBlockPreferredLogicalWidths. That assumption is wrong and can lead to a nullptr dereference. We should check the result of the cast before trying to pass it in.
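
The failure mode described in the report, as an added example: this is a simplified model, not WebKit source and not the patch from the pull request. The class layout, `asRenderElement`, `marginContributes` and the width arithmetic are assumptions made for illustration.

```cpp
#include <algorithm>
#include <memory>
#include <vector>

struct RenderObject {
    virtual ~RenderObject() = default;
    virtual bool isRenderElement() const { return false; }
    int width = 0;
};
struct RenderText : RenderObject {            // text renderer: not a RenderElement
    explicit RenderText(int w) { width = w; }
};
struct RenderElement : RenderObject {
    int margins = 0;                          // inline-start + inline-end margin
    RenderElement(int w, int m) { width = w; margins = m; }
    bool isRenderElement() const override { return true; }
};
using Children = std::vector<std::unique_ptr<RenderObject>>;

// Checked downcast: nullptr when the object is not a RenderElement.
const RenderElement* asRenderElement(const RenderObject& object) {
    return object.isRenderElement() ? static_cast<const RenderElement*>(&object) : nullptr;
}

// Hypothetical stand-in for the margin query. It takes a reference,
// so the caller must never hand it the result of a failed cast.
bool marginContributes(const RenderElement& element) { return element.margins > 0; }

// Unchecked shape: assumes every child is a RenderElement. For a RenderText
// child the cast yields nullptr and the dereference is undefined behaviour.
int preferredWidthUnchecked(const Children& children) {
    int maxWidth = 0;
    for (const auto& child : children) {
        const RenderElement* element = asRenderElement(*child);
        int margin = marginContributes(*element) ? element->margins : 0;
        maxWidth = std::max(maxWidth, child->width + margin);
    }
    return maxWidth;
}

// Checked shape: the cast result is tested first; text children add no margin.
int preferredWidthChecked(const Children& children) {
    int maxWidth = 0;
    for (const auto& child : children) {
        const RenderElement* element = asRenderElement(*child);
        int margin = (element && marginContributes(*element)) ? element->margins : 0;
        maxWidth = std::max(maxWidth, child->width + margin);
    }
    return maxWidth;
}
```

Both functions agree while every child is an element; only the checked one is safe to call once a text child appears in the list.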
Comment 1 Sammy Gill 2023-03-01 09:55:05 PST
rdar://105848359
Comment 2 Radar WebKit Bug Importer 2023-03-01 09:55:57 PST
<rdar://problem/106092185>
Comment 3 Sammy Gill 2023-03-01 11:16:59 PST
Pull request: https://github.com/WebKit/WebKit/pull/10882
Comment 4 Sammy Gill 2023-03-01 11:35:41 PST
rdar://105848359
Comment 5 EWS 2023-03-02 06:30:57 PST
Committed 261063@main (02bb8ae9d573): <https://commits.webkit.org/261063@main>

Reviewed commits have been landed. Closing PR #10882 and removing active labels.
Comment 6 EWS 2023-03-03 10:38:33 PST
Committed 259548.371@safari-7615-branch (6f9b18dfa549): <https://commits.webkit.org/259548.371@safari-7615-branch>

Reviewed commits have been landed. Closing PR #432 and removing active labels.
Comment 7 Sammy Gill 2023-03-06 09:45:46 PST
*** Bug 252975 has been marked as a duplicate of this bug. ***
Comment 8 Sammy Gill 2023-12-20 15:01:56 PST
*** Bug 253182 has been marked as a duplicate of this bug. ***