Bug 247840

Summary: Check if length isSpecified before accessing in RenderTableSection.cpp for minimumValueForLength
Product: WebKit Reporter: Ahmad Saleem <ahmad.saleem792>
Component: TablesAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: webkit-bug-importer, zalan
Priority: P2 Keywords: InRadar
Version: Safari Technology Preview   
Hardware: Unspecified   
OS: Unspecified   

Description Ahmad Saleem 2022-11-12 04:46:26 PST 
Hi Team,

While going through Blink commits, I came across another potential crash issue in the DEBUG and assertion fix but we don't have this assertion bug but we still have the code, so I think it would be good to fix any potential crash, hence, I thought to create this bug.

Blink Commit - https://chromium.googlesource.com/chromium/blink/+/33a620c7df6ac7ef4b7b4cbc94be07f70ae2e5f7

Webkit GitHub Source - https://github.com/WebKit/WebKit/blob/2b519ff97e74aa11c104cfb2dcb3d697db8d2a49/Source/WebCore/rendering/RenderTableSection.cpp#L246

Just wanted to raise this bug to fix it so we can have more stability in Webkit.

Thanks!
Comment 1 EWS 2022-11-12 16:22:55 PST 
Committed 256614@main (dcc214eccd58): <https://commits.webkit.org/256614@main>

Reviewed commits have been landed. Closing PR #6425 and removing active labels.
Comment 2 Radar WebKit Bug Importer 2022-11-12 16:23:17 PST 
<rdar://problem/102280979>