Title: [264972] releases/WebKitGTK/webkit-2.28/Source/WebCore
Revision: 264972
Author: carlo...@webkit.org
Date: 2020-07-28 03:34:47 -0700 (Tue, 28 Jul 2020)

Log Message

Merge r261208 - Crash in match_constness<WebCore::CSSValue, WebCore::CSSPrimitiveValue>::type& WTF::downcast<WebCore::CSSPrimitiveValue, WebCore::CSSValue> -- ASAN
https://bugs.webkit.org/show_bug.cgi?id=211479

Patch by Pinki Gyanchandani <pgyanchand...@apple.com> on 2020-05-05
Reviewed by Geoffrey Garen.

Added check to downcast CSSValue to CSSPrimitiveValue, only if valid CSSPrimitiveValue is associated with the property.

New test would be added to Internal repository.

* css/StyleProperties.cpp:
(WebCore::StyleProperties::pageBreakPropertyValue const):

Diff

Modified: releases/WebKitGTK/webkit-2.28/Source/WebCore/ChangeLog (264971 => 264972)


--- releases/WebKitGTK/webkit-2.28/Source/WebCore/ChangeLog	2020-07-28 10:34:43 UTC (rev 264971)
+++ releases/WebKitGTK/webkit-2.28/Source/WebCore/ChangeLog	2020-07-28 10:34:47 UTC (rev 264972)
@@ -1,3 +1,17 @@
+2020-05-05  Pinki Gyanchandani  <pgyanchand...@apple.com>
+
+        Crash in match_constness<WebCore::CSSValue, WebCore::CSSPrimitiveValue>::type& WTF::downcast<WebCore::CSSPrimitiveValue, WebCore::CSSValue> -- ASAN
+        https://bugs.webkit.org/show_bug.cgi?id=211479
+
+        Reviewed by Geoffrey Garen.
+    
+        Added check to downcast CSSValue to CSSPrimitiveValue, only if valid CSSPrimitveValue is associated with the property.
+
+        New test would be added to Internal repository.
+
+        * css/StyleProperties.cpp:
+        (WebCore::StyleProperties::pageBreakPropertyValue const):
+
 2020-06-19  Pinki Gyanchandani  <pgyanchand...@apple.com>
 
         Crash in WebCore::Range::borderAndTextRects
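
Review bot: The added entry's line "New test would be added to Internal repository" means this merge lands on the 2.28 release branch with no regression test in the tree, so nothing visible here keeps the pageBreakPropertyValue crash from coming back unnoticed. Consider adding a reduced layout test alongside the change, or stating in the entry why it cannot be public. Two smaller points in the same entry: the description spells the type "CSSPrimitveValue" (missing an "i"), and the line after "Reviewed by Geoffrey Garen." contains trailing spaces instead of being empty.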

Modified: releases/WebKitGTK/webkit-2.28/Source/WebCore/css/StyleProperties.cpp (264971 => 264972)


--- releases/WebKitGTK/webkit-2.28/Source/WebCore/css/StyleProperties.cpp	2020-07-28 10:34:43 UTC (rev 264971)
+++ releases/WebKitGTK/webkit-2.28/Source/WebCore/css/StyleProperties.cpp	2020-07-28 10:34:47 UTC (rev 264972)
@@ -751,6 +751,10 @@
     // FIXME: Remove this isGlobalKeyword check after we do this consistently for all shorthands in getPropertyValue.
     if (value->isGlobalKeyword())
         return value->cssText();
+    
+    if (!is<CSSPrimitiveValue>(*value))
+        return String();
+    
     CSSValueID valueId = downcast<CSSPrimitiveValue>(*value).valueID();
     switch (valueId) {
     case CSSValuePage:
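
Review bot: The new "if (!is<CSSPrimitiveValue>(*value)) return String();" guard, placed just above the "downcast<CSSPrimitiveValue>(*value).valueID()" call, has no comment saying which kind of value can reach this point without being a CSSPrimitiveValue, or why an empty String() is the right result for it when the isGlobalKeyword branch directly above returns value->cssText(). A one-line comment naming the case would help, and it is worth confirming that callers treat the empty string as "no value" rather than serializing it. The two added blank lines around the guard consist of four trailing spaces and should be empty.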