From 863092afdcbca747d8f3183abd2a99a94959faf1 Mon Sep 17 00:00:00 2001
From: Gingeh <39150378+Gingeh@users.noreply.github.com>
Date: Tue, 1 Jul 2025 16:32:56 +1000
Subject: [PATCH] LibWeb: Don't crash with non- table-column
---
.../LibWeb/Layout/TableFormattingContext.cpp | 8 +++----
Libraries/LibWeb/Layout/TableGrid.cpp | 5 +++--
.../expected/display-table-column-crash.txt | 22 +++++++++++++++++++
.../input/display-table-column-crash.html | 21 ++++++++++++++++++
4 files changed, 50 insertions(+), 6 deletions(-)
create mode 100644 Tests/LibWeb/Layout/expected/display-table-column-crash.txt
create mode 100644 Tests/LibWeb/Layout/input/display-table-column-crash.html
diff --git a/Libraries/LibWeb/Layout/TableFormattingContext.cpp b/Libraries/LibWeb/Layout/TableFormattingContext.cpp
index 434832b323e..9ac53444d57 100644
--- a/Libraries/LibWeb/Layout/TableFormattingContext.cpp
+++ b/Libraries/LibWeb/Layout/TableFormattingContext.cpp
@@ -74,7 +74,7 @@ void TableFormattingContext::compute_constrainedness()
if (computed_values.width().is_length()) {
m_columns[column_index].is_constrained = true;
}
- auto const& col_node = static_cast(*column_box.dom_node());
+ auto const& col_node = static_cast(*column_box.dom_node());
unsigned span = col_node.get_attribute_value(HTML::AttributeNames::span).to_number().value_or(1);
column_index += span;
});
@@ -191,7 +191,7 @@ void TableFormattingContext::compute_outer_content_sizes()
m_columns[column_index].min_size = max(min_width, width);
// The outer max-content width of a table-column or table-column-group is max(min-width, min(max-width, width)).
m_columns[column_index].max_size = max(min_width, min(max_width, width));
- auto const& col_node = static_cast(*column_box.dom_node());
+ auto const& col_node = static_cast(*column_box.dom_node());
unsigned span = col_node.get_attribute_value(HTML::AttributeNames::span).to_number().value_or(1);
column_index += span;
});
@@ -1393,7 +1393,7 @@ void TableFormattingContext::BorderConflictFinder::collect_conflicting_col_eleme
size_t column_index = 0;
for (auto* child_of_column_group = child->first_child(); child_of_column_group; child_of_column_group = child_of_column_group->next_sibling()) {
VERIFY(child_of_column_group->display().is_table_column());
- auto const& col_node = static_cast(*child_of_column_group->dom_node());
+ auto const& col_node = static_cast(*child_of_column_group->dom_node());
unsigned span = col_node.get_attribute_value(HTML::AttributeNames::span).to_number().value_or(1);
m_col_elements_by_index.resize(column_index + span);
for (size_t i = column_index; i < column_index + span; ++i) {
@@ -1792,7 +1792,7 @@ void TableFormattingContext::initialize_intrinsic_percentages_from_rows_or_colum
auto width_percentage = computed_values.width().is_percentage() ? computed_values.width().percentage().value() : 0;
m_columns[column_index].has_intrinsic_percentage = computed_values.max_width().is_percentage() || computed_values.width().is_percentage();
m_columns[column_index].intrinsic_percentage = min(width_percentage, max_width_percentage);
- auto const& col_node = static_cast(*column_box.dom_node());
+ auto const& col_node = static_cast(*column_box.dom_node());
unsigned span = col_node.get_attribute_value(HTML::AttributeNames::span).to_number().value_or(1);
column_index += span;
});
diff --git a/Libraries/LibWeb/Layout/TableGrid.cpp b/Libraries/LibWeb/Layout/TableGrid.cpp
index bf548218fe9..b025114f68f 100644
--- a/Libraries/LibWeb/Layout/TableGrid.cpp
+++ b/Libraries/LibWeb/Layout/TableGrid.cpp
@@ -65,8 +65,9 @@ TableGrid TableGrid::calculate_row_column_grid(Box const& box, Vector| & cel
auto process_col_group = [&](auto& col_group) {
auto dom_node = col_group.dom_node();
- dom_node->template for_each_in_subtree_of_type([&](auto&) {
- x_width += 1;
+ dom_node->for_each_in_subtree([&](auto& descendant) {
+ if (descendant.layout_node() && descendant.layout_node()->display().is_table_column())
+ x_width += 1;
return TraversalDecision::Continue;
});
};
diff --git a/Tests/LibWeb/Layout/expected/display-table-column-crash.txt b/Tests/LibWeb/Layout/expected/display-table-column-crash.txt
new file mode 100644
index 00000000000..4fa53bf3c81
--- /dev/null
+++ b/Tests/LibWeb/Layout/expected/display-table-column-crash.txt
@@ -0,0 +1,22 @@
+Viewport <#document> at (0,0) content-size 800x600 children: not-inline
+ BlockContainer at (0,0) content-size 800x16 [BFC] children: not-inline
+ BlockContainer <(anonymous)> at (0,0) content-size 800x0 children: inline
+ TextNode <#text>
+ BlockContainer at (8,8) content-size 784x0 children: not-inline
+ BlockContainer <(anonymous)> at (8,8) content-size 784x0 children: inline
+ TextNode <#text>
+ TableWrapper <(anonymous)> at (8,8) content-size 0x0 [BFC] children: not-inline
+ Box <(anonymous)> at (8,8) content-size 0x0 table-box [TFC] children: not-inline
+ BlockContainer (not painted) table-column-group children: not-inline
+ BlockContainer (not painted) children: not-inline
+ BlockContainer (not painted) children: not-inline
+ BlockContainer <(anonymous)> (not painted) children: inline
+ TextNode <#text>
+
+ViewportPaintable (Viewport<#document>) [0,0 800x600]
+ PaintableWithLines (BlockContainer) [0,0 800x16]
+ PaintableWithLines (BlockContainer(anonymous)) [0,0 800x0]
+ PaintableWithLines (BlockContainer) [8,8 784x0]
+ PaintableWithLines (BlockContainer(anonymous)) [8,8 784x0]
+ PaintableWithLines (TableWrapper(anonymous)) [8,8 0x0]
+ PaintableBox (Box(anonymous)) [8,8 0x0]
diff --git a/Tests/LibWeb/Layout/input/display-table-column-crash.html b/Tests/LibWeb/Layout/input/display-table-column-crash.html
new file mode 100644
index 00000000000..1b9c06753ed
--- /dev/null
+++ b/Tests/LibWeb/Layout/input/display-table-column-crash.html
@@ -0,0 +1,21 @@
+
+
+
+
+
+
+
+
+
|