Bug 253165 - Make sure child is a RenderElement before trying to pass it into shouldChildInlineMarginContributeToContainerIntrinsicSize in RenderBlock::computeBlockPreferredLogicalWidths
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Layout and Rendering
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Sammy Gill
URL:
Keywords: InRadar
Duplicates: 252975 253182
Depends on:
Blocks:
 
Reported: 2023-03-01 09:54 PST by Sammy Gill
Modified: 2023-12-20 15:01 PST

Description Sammy Gill 2023-03-01 09:54:34 PST
The assumption about this code currently is that child cannot be a RenderText within RenderBlock::computeBlockPreferredLogicalWidths. That assumption is wrong and can lead to a nullptr dereference. We should check the result of the cast before trying to pass it in.
Comment 1 Sammy Gill 2023-03-01 09:55:05 PST
rdar://105848359
Comment 2 Radar WebKit Bug Importer 2023-03-01 09:55:57 PST
<rdar://problem/106092185>
Comment 3 Sammy Gill 2023-03-01 11:16:59 PST
Pull request: https://github.com/WebKit/WebKit/pull/10882
Comment 4 Sammy Gill 2023-03-01 11:35:41 PST
rdar://105848359
Comment 5 EWS 2023-03-02 06:30:57 PST
Committed 261063@main (02bb8ae9d573): <https://commits.webkit.org/261063@main>

Reviewed commits have been landed. Closing PR #10882 and removing active labels.
Comment 6 EWS 2023-03-03 10:38:33 PST
Committed 259548.371@safari-7615-branch (6f9b18dfa549): <https://commits.webkit.org/259548.371@safari-7615-branch>

Reviewed commits have been landed. Closing PR #432 and removing active labels.
Comment 7 Sammy Gill 2023-03-06 09:45:46 PST
*** Bug 252975 has been marked as a duplicate of this bug. ***
Comment 8 Sammy Gill 2023-12-20 15:01:56 PST
*** Bug 253182 has been marked as a duplicate of this bug. ***