253720 – Fix undefined behavior in valueFromPool(Span<LazyNeverDestroyed<CSSPrimitiveValue>>, double)

Bug 253720 - Fix undefined behavior in valueFromPool(Span<LazyNeverDestroyed<CSSPrimitiveValue>>, double)

Summary: Fix undefined behavior in valueFromPool(Span<LazyNeverDestroyed<CSSPrimitiveV...

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	CSS (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Chris Dumez

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2023-03-10 10:36 PST by Chris Dumez
Modified:	2023-03-10 13:21 PST (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Chris Dumez 2023-03-10 10:36:50 PST

This undefined behavior was causing crashes in our production builds.

Comment 1 Chris Dumez 2023-03-10 10:36:53 PST

<rdar://problem/106522324>

Comment 2 Chris Dumez 2023-03-10 10:39:14 PST

Pull request: https://github.com/WebKit/WebKit/pull/11369

Comment 3 EWS 2023-03-10 13:21:34 PST

Committed 261527@main (fa8dddf7984e): <https://commits.webkit.org/261527@main>

Reviewed commits have been landed. Closing PR #11369 and removing active labels.