diff --git a/Libraries/LibWeb/Layout/GridFormattingContext.cpp b/Libraries/LibWeb/Layout/GridFormattingContext.cpp index 3ab6dfff83a..06795ae075c 100644 --- a/Libraries/LibWeb/Layout/GridFormattingContext.cpp +++ b/Libraries/LibWeb/Layout/GridFormattingContext.cpp @@ -1849,9 +1849,6 @@ CSSPixelRect GridFormattingContext::get_grid_area_rect(GridItem const& grid_item auto resolved_span = grid_item.span(dimension) * 2; auto gap_adjusted_position = grid_item.gap_adjusted_position(dimension); - if (gap_adjusted_position + resolved_span > tracks_and_gaps.size()) { - resolved_span = tracks_and_gaps.size() - gap_adjusted_position; - } int start = gap_adjusted_position; int end = start + resolved_span; diff --git a/Tests/LibWeb/Layout/expected/grid/grid-row-overflow-crash.txt b/Tests/LibWeb/Layout/expected/grid/grid-row-overflow-crash.txt new file mode 100644 index 00000000000..4515ae7b7d5 --- /dev/null +++ b/Tests/LibWeb/Layout/expected/grid/grid-row-overflow-crash.txt @@ -0,0 +1,18 @@ +Viewport <#document> at (0,0) content-size 800x600 children: not-inline + BlockContainer at (0,0) content-size 800x600 [BFC] children: not-inline + BlockContainer at (8,8) content-size 784x0 children: not-inline + Box
at (8,8) content-size 784x0 positioned [GFC] children: not-inline + BlockContainer <(anonymous)> (not painted) [BFC] children: inline + TextNode <#text> + BlockContainer
at (8,8) content-size 0x0 positioned [BFC] children: not-inline + BlockContainer <(anonymous)> (not painted) [BFC] children: inline + TextNode <#text> + BlockContainer <(anonymous)> at (8,8) content-size 784x0 children: inline + TextNode <#text> + +ViewportPaintable (Viewport<#document>) [0,0 800x600] + PaintableWithLines (BlockContainer) [0,0 800x600] + PaintableWithLines (BlockContainer) [8,8 784x0] + PaintableBox (Box
) [8,8 784x0] + PaintableWithLines (BlockContainer
) [8,8 0x0] + PaintableWithLines (BlockContainer(anonymous)) [8,8 784x0] diff --git a/Tests/LibWeb/Layout/expected/grid/row-gaps-with-overflowing-spans-crash.txt b/Tests/LibWeb/Layout/expected/grid/row-gaps-with-overflowing-spans-crash.txt new file mode 100644 index 00000000000..58ca07b7efc --- /dev/null +++ b/Tests/LibWeb/Layout/expected/grid/row-gaps-with-overflowing-spans-crash.txt @@ -0,0 +1,22 @@ +Viewport <#document> at (0,0) content-size 800x600 children: not-inline + BlockContainer at (0,0) content-size 800x600 [BFC] children: not-inline + BlockContainer at (8,8) content-size 784x48 children: not-inline + Box
at (8,8) content-size 784x48 [GFC] children: not-inline + BlockContainer <(anonymous)> (not painted) [BFC] children: inline + TextNode <#text> + BlockContainer
at (8,24) content-size 784x32 [BFC] children: inline + frag 0 from TextNode start: 0, length: 1, rect: [8,24 6.34375x17] baseline: 13.296875 + "1" + TextNode <#text> + BlockContainer <(anonymous)> (not painted) [BFC] children: inline + TextNode <#text> + BlockContainer <(anonymous)> at (8,56) content-size 784x0 children: inline + TextNode <#text> + +ViewportPaintable (Viewport<#document>) [0,0 800x600] + PaintableWithLines (BlockContainer) [0,0 800x600] + PaintableWithLines (BlockContainer) [8,8 784x48] + PaintableBox (Box
) [8,8 784x48] + PaintableWithLines (BlockContainer
) [8,24 784x32] + TextPaintable (TextNode<#text>) + PaintableWithLines (BlockContainer(anonymous)) [8,56 784x0] diff --git a/Tests/LibWeb/Layout/input/grid/grid-row-overflow-crash.html b/Tests/LibWeb/Layout/input/grid/grid-row-overflow-crash.html new file mode 100644 index 00000000000..88647498f63 --- /dev/null +++ b/Tests/LibWeb/Layout/input/grid/grid-row-overflow-crash.html @@ -0,0 +1,3 @@ +
+
+
diff --git a/Tests/LibWeb/Layout/input/grid/row-gaps-with-overflowing-spans-crash.html b/Tests/LibWeb/Layout/input/grid/row-gaps-with-overflowing-spans-crash.html new file mode 100644 index 00000000000..0fb121859d8 --- /dev/null +++ b/Tests/LibWeb/Layout/input/grid/row-gaps-with-overflowing-spans-crash.html @@ -0,0 +1,3 @@ +
+
1
+