WebKit Bugzilla
Attachment 362066 Details for Bug 194671: Web Inspector: Occasional crash under WebCore::CSSStyleSheet::item called from Inspector
[PATCH] For Landing
for-landing-2.patch (text/plain), 2.04 KB, created by Joseph Pecoraro on 2019-02-14 15:01:25 PST
>diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index 650e0b43d54..a3f908ec3b6 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog >@@ -1,3 +1,21 @@ >+2019-02-14 Joseph Pecoraro <pecoraro@apple.com> >+ >+ Web Inspector: Occasional crash under WebCore::CSSStyleSheet::item called from Inspector >+ https://bugs.webkit.org/show_bug.cgi?id=194671 >+ <rdar://problem/47628191> >+ >+ Reviewed by Devin Rousso. >+ >+ * css/CSSStyleSheet.cpp: >+ (WebCore::CSSStyleSheet::item): >+ A crash may happen if the m_childRuleCSSOMWrappers Vector gets out of >+ sync with the m_contents list of rules. In particular if the wrappers >+ vector is shorter than the rule list. We tried exercising code paths >+ that modify these lists but were not able to reproduce the crash. >+ To avoid a crash we can make this access safer and avoid the original >+ overflow. At the same time we will keep and promote the assertion that >+ would catch the lists getting out of sync in debug builds. >+ > 2019-02-13 Joseph Pecoraro <pecoraro@apple.com> > > Web Inspector: Crash when inspecting an element that constantly changes visibility >diff --git a/Source/WebCore/css/CSSStyleSheet.cpp b/Source/WebCore/css/CSSStyleSheet.cpp >index aebe97dc8f8..cc41257c351 100644 >--- a/Source/WebCore/css/CSSStyleSheet.cpp >+++ b/Source/WebCore/css/CSSStyleSheet.cpp >@@ -228,12 +228,12 @@ CSSRule* CSSStyleSheet::item(unsigned index) > { > unsigned ruleCount = length(); > if (index >= ruleCount) >- return 0; >+ return nullptr; > >- if (m_childRuleCSSOMWrappers.isEmpty()) >+ ASSERT(m_childRuleCSSOMWrappers.isEmpty() || m_childRuleCSSOMWrappers.size() == ruleCount); >+ if (m_childRuleCSSOMWrappers.size() < ruleCount) > m_childRuleCSSOMWrappers.grow(ruleCount); >- ASSERT(m_childRuleCSSOMWrappers.size() == ruleCount); >- >+ > RefPtr<CSSRule>& cssRule = m_childRuleCSSOMWrappers[index]; > if (!cssRule) > cssRule = m_contents->ruleAt(index)->createCSSOMWrapper(this);
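Review bot: In the Source/WebCore/ChangeLog entry, the text says the crash could not be reproduced but does not say whether a test accompanies the change. The patch touches only ChangeLog and css/CSSStyleSheet.cpp, so the entry should state explicitly that no test is included and why, so a later reader does not go looking for one. It would also help to name the failing access (the index into m_childRuleCSSOMWrappers) where the entry says "the original overflow".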
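Review bot: In CSSStyleSheet::item in Source/WebCore/css/CSSStyleSheet.cpp, the new `if (m_childRuleCSSOMWrappers.size() < ruleCount)` growth only makes `m_childRuleCSSOMWrappers[index]` stay in bounds; it does not restore the correspondence between wrappers and rules. The ChangeLog notes the ASSERT only fires in debug builds, so elsewhere a non-empty but shorter vector is grown in place and any existing non-null entry is returned unchanged by the `if (!cssRule)` path, even though it may no longer match `m_contents->ruleAt(index)`. Consider clearing the wrappers before growing when the sizes disagree, or add a comment saying that possibly stale wrappers are accepted here. The opposite mismatch, size() greater than ruleCount, also violates the ASSERT but is otherwise left as is, which deserves a comment too. The removed and re-added blank line before `RefPtr<CSSRule>& cssRule` looks like a whitespace-only change and can be dropped.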
Attachments on bug 194671: 362059 | 362066