Bug 247840

Summary: Check if length isSpecified before accessing in RenderTableSection.cpp for minimumValueForLength
Product: WebKit Reporter: Ahmad Saleem <ahmad.saleem792>
Component: TablesAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: webkit-bug-importer, zalan
Priority: P2 Keywords: InRadar
Version: Safari Technology Preview   
Hardware: Unspecified   
OS: Unspecified   

Ahmad Saleem
Reported 2022-11-12 04:46:26 PST
Hi Team, While going through Blink commits, I came across another potential crash issue in the DEBUG and assertion fix but we don't have this assertion bug but we still have the code, so I think it would be good to fix any potential crash, hence, I thought to create this bug. Blink Commit - https://chromium.googlesource.com/chromium/blink/+/33a620c7df6ac7ef4b7b4cbc94be07f70ae2e5f7 Webkit GitHub Source - https://github.com/WebKit/WebKit/blob/2b519ff97e74aa11c104cfb2dcb3d697db8d2a49/Source/WebCore/rendering/RenderTableSection.cpp#L246 Just wanted to raise this bug to fix it so we can have more stability in Webkit. Thanks!
Attachments
Add attachment proposed patch, testcase, etc.
EWS
Comment 1 2022-11-12 16:22:55 PST
Committed 256614@main (dcc214eccd58): <https://commits.webkit.org/256614@main> Reviewed commits have been landed. Closing PR #6425 and removing active labels.
Radar WebKit Bug Importer
Comment 2 2022-11-12 16:23:17 PST
<rdar://problem/102280979>
Note You need to log in before you can comment on or make changes to this bug.