Potential overflow in RenderLayer::hitTestList()
author cdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 20 Apr 2016 19:57:10 +0000 (19:57 +0000)
committer cdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 20 Apr 2016 19:57:10 +0000 (19:57 +0000)
commit 78d2c811858d3f4607e6758970de49d9565983ba
tree 0bdb381c3463fec464d83396c818fd898c41f69f
parent 99984936628fd6a4fd157ab601d1800c7c56a30e
Potential overflow in RenderLayer::hitTestList()
https://bugs.webkit.org/show_bug.cgi?id=156804

Reviewed by Simon Fraser.

Use size_t type instead of int to iterate over the Vector to make sure
we don't overflow. This is a speculative fix for <rdar://problem/23249479>.

* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::hitTestList):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199781 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/WebCore/ChangeLog
Source/WebCore/rendering/RenderLayer.cpp
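
Added example, not the WebKit change itself: a scaled-down C++ model of the index-type problem the commit message describes, with `int8_t` standing in for `int` so the wrap shows up on a small `std::vector` rather than on a container larger than `INT_MAX`. The function names and sample sizes are constructed for illustration, and the loop shapes are assumptions, not taken from RenderLayer.cpp.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Reverse walk with a signed index narrower than size_t (hypothetical helper).
// Returns how many elements were actually visited.
template <typename Index>
std::size_t visitedWithSignedIndex(const std::vector<int>& list)
{
    std::size_t visited = 0;
    // size() - 1 is computed as size_t, then narrowed to Index. A value above
    // Index's maximum wraps (guaranteed since C++20, usual behaviour before).
    for (Index i = static_cast<Index>(list.size() - 1); i >= 0; --i) {
        (void)list[static_cast<std::size_t>(i)]; // element access stays in range
        ++visited;
    }
    return visited;
}

// Reverse walk with size_t (hypothetical helper). The index runs from size()
// down to 1 and the element is read at i - 1, so an empty list never yields
// SIZE_MAX and there is no "i >= 0" test, which is always true when unsigned.
std::size_t visitedWithSizeT(const std::vector<int>& list)
{
    std::size_t visited = 0;
    for (std::size_t i = list.size(); i > 0; --i) {
        (void)list[i - 1];
        ++visited;
    }
    return visited;
}

int main()
{
    // Constructed inputs: int8_t (max 127) plays the role of int (max INT_MAX).
    std::vector<int> a(200), b(300);
    std::printf("int8_t index, 200 elements: visited %zu\n",
                visitedWithSignedIndex<std::int8_t>(a)); // start index wraps negative
    std::printf("int8_t index, 300 elements: visited %zu\n",
                visitedWithSignedIndex<std::int8_t>(b)); // start index wraps to 43
    std::printf("size_t index, 300 elements: visited %zu\n", visitedWithSizeT(b));
    return 0;
}
```

With a too-narrow signed index the loop either does nothing or silently covers only the low part of the list; the `size_t` form visits every element and still terminates on an empty list.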