Changeset 30716 in webkit
- Timestamp:
- Mar 3, 2008 11:51:59 AM (16 years ago)
- Location:
- trunk/WebCore
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/WebCore/ChangeLog
r30715 r30716 1 2008-03-03 David Hyatt <hyatt@apple.com> 2 3 Fix for <rdar://problem/5776161> REGRESSION: Google Docs Spreadsheet crash 4 5 This is also http://bugs.webkit.org/show_bug.cgi?id=17543, fixed table layout corrupts heap. 6 7 Make sure not to access position -1 of the size 0 vectors. 8 9 Reviewed by ggaren 10 11 * rendering/FixedTableLayout.cpp: 12 (WebCore::FixedTableLayout::layout): 13 1 14 2008-03-03 David D. Kilzer <ddkilzer@webkit.org> 2 15 -
trunk/WebCore/rendering/FixedTableLayout.cpp
r25754 r30716 286 286 calcWidth[--total] += w; 287 287 } 288 calcWidth[nEffCols - 1] += remainingWidth; 288 if (nEffCols > 0) 289 calcWidth[nEffCols - 1] += remainingWidth; 289 290 } 290 291 … … 295 296 pos += calcWidth[i] + hspacing; 296 297 } 297 m_table->columnPositions()[m_table->columnPositions().size() - 1] = pos; 298 int colPositionsSize = m_table->columnPositions().size(); 299 if (colPositionsSize > 0) 300 m_table->columnPositions()[colPositionsSize - 1] = pos; 298 301 } 299 302
Note: See TracChangeset
for help on using the changeset viewer.