258664 – Nullptr crash in Layout::InlineItemsBuilder::collectInlineItems

RESOLVED FIXED258664

Nullptr crash in Layout::InlineItemsBuilder::collectInlineItems

https://bugs.webkit.org/show_bug.cgi?id=258664

Summary Nullptr crash in Layout::InlineItemsBuilder::collectInlineItems

Antti Koivisto

Reported 2023-06-29 02:26:09 PDT

34 WebCore::RenderStyle::display() const <== 34 WebCore::Layout::Box::isInlineBox() const 34 WebCore::Layout::InlineItemsBuilder::collectInlineItems(WTF::Vector<WebCore::Layout::InlineItem, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&, WebCore::Layout::InlineItemPosition) 34 WebCore::Layout::InlineItemsBuilder::build(WebCore::Layout::InlineItemPosition) 34 WebCore::Layout::InlineFormattingContext::layoutFloatContentOnly(WebCore::Layout::ConstraintsForInlineContent const&, WebCore::Layout::FloatingState&) 34 WebCore::Layout::InlineFormattingContext::layoutInFlowAndFloatContentForIntegration(WebCore::Layout::ConstraintsForInlineContent const&, WebCore::Layout::InlineLayoutState&) 34 WebCore::LayoutIntegration::LineLayout::layout()

Attachments
Add attachment proposed patch, testcase, etc.

Antti Koivisto

Comment 1 2023-06-29 02:26:23 PDT

rdar://111272076

Antti Koivisto

Comment 2 2023-06-29 02:31:19 PDT

Pull request: https://github.com/WebKit/WebKit/pull/15397

EWS

Comment 3 2023-06-29 07:15:13 PDT

Committed 265618@main (42bd7f4d0079): <https://commits.webkit.org/265618@main> Reviewed commits have been landed. Closing PR #15397 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component Layout and Rendering

Assignee

Antti Koivisto

Reported

2023-06-29 02:26 PDT

Modified

2023-06-29 07:15 PDT History

CC List

4 users Show

URL

Keywords InRadar

Depends on

Blocks