git://git.webkit.org / WebKit-https.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Crash when creating CSSCalcBinaryOperation
[WebKit-https.git] / Source / WebCore / ChangeLog
diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog
index 10497bc..f6aa200 100644 (file)
--- a/Source/WebCore/ChangeLog
+++ b/Source/WebCore/ChangeLog
@@ -1,3 +1,20 @@
+2014-12-10  Antti Koivisto  <antti@apple.com>
+
+        Crash when creating CSSCalcBinaryOperation
+        https://bugs.webkit.org/show_bug.cgi?id=134886
+        rdar://problem/17663561
+
+        Reviewed by Chris Dumez.
+
+        Test: fast/css/calc-binary-operation-crash.html
+
+        * css/CSSCalculationValue.cpp:
+        (WebCore::determineCategory):
+
+        Ensure that both axis are within the addSubtractResult table.
+        Remove unneeded CalcOther test. The call site guarantees it doesn't happen and the normal cases would handle it anyway.
+        Also strengthen some asserts.
+
 2014-12-10  Anders Carlsson  <andersca@apple.com>
 
         Add WebStorageNamespaceProvider::closeLocalStorage
Mirror of the WebKit open source project from svn.webkit.org.