diff options
| author | Aliaksandr Kalenik <kalenik.aliaksandr@gmail.com> | 2023-05-15 16:27:13 +0300 |
|---|---|---|
| committer | Andreas Kling <kling@serenityos.org> | 2023-05-15 15:35:34 +0200 |
| commit | daf86eaabc6d95f304067cd5e66ae961ad31f496 (patch) | |
| tree | a2f37e6a91ac7969f1e3fb7e3fe5251cb645a378 /Userland/Libraries/LibWeb/Layout/GridFormattingContext.cpp | |
| parent | 4d0d0a99b47c2a8ff18e147be8808edce1014223 (diff) | |
| download | serenity-daf86eaabc6d95f304067cd5e66ae961ad31f496.zip | |
LibWeb: Fix UBSAN issue caused by invalid TemporaryTrack pointer in GFC
Fixes the issue when if there are enough rows/column to force
m_row_gap_tracks or m_column_gap_tracks be resized during gaps
initialization then pointers stored in m_grid_columns_and_gaps or
m_grid_rows_and_gaps become invalid.
Diffstat (limited to 'Userland/Libraries/LibWeb/Layout/GridFormattingContext.cpp')
| -rw-r--r-- | Userland/Libraries/LibWeb/Layout/GridFormattingContext.cpp | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/Userland/Libraries/LibWeb/Layout/GridFormattingContext.cpp b/Userland/Libraries/LibWeb/Layout/GridFormattingContext.cpp index 913f231a5e..f7bcf40323 100644 --- a/Userland/Libraries/LibWeb/Layout/GridFormattingContext.cpp +++ b/Userland/Libraries/LibWeb/Layout/GridFormattingContext.cpp @@ -581,8 +581,9 @@ void GridFormattingContext::initialize_gap_tracks(AvailableSpace const& availabl // For the purpose of track sizing, each gutter is treated as an extra, empty, fixed-size track of // the specified size, which is spanned by any grid items that span across its corresponding grid // line. - if (!grid_container().computed_values().column_gap().is_auto()) { + if (!grid_container().computed_values().column_gap().is_auto() && m_grid_columns.size() > 0) { auto column_gap_width = grid_container().computed_values().column_gap().to_px(grid_container(), available_space.width.to_px()); + m_column_gap_tracks.ensure_capacity(m_grid_columns.size() - 1); for (size_t column_index = 0; column_index < m_grid_columns.size(); column_index++) { m_grid_columns_and_gaps.append(m_grid_columns[column_index]); if (column_index != m_grid_columns.size() - 1) { @@ -595,8 +596,9 @@ void GridFormattingContext::initialize_gap_tracks(AvailableSpace const& availabl m_grid_columns_and_gaps.append(track); } } - if (!grid_container().computed_values().row_gap().is_auto()) { + if (!grid_container().computed_values().row_gap().is_auto() && m_grid_rows.size() > 0) { auto row_gap_height = grid_container().computed_values().row_gap().to_px(grid_container(), available_space.height.to_px()); + m_row_gap_tracks.ensure_capacity(m_grid_rows.size() - 1); for (size_t row_index = 0; row_index < m_grid_rows.size(); row_index++) { m_grid_rows_and_gaps.append(m_grid_rows[row_index]); if (row_index != m_grid_rows.size() - 1) { |