Turn critical DCHECKs to CHECKs in NGOffsetMapping

This patch turns some DCHECKs in |NGOffsetMapping| to CHECKs when it could lead to out-of-bounds access. |NGOffsetMapping| uses |std::prev| or |std::next| after checking the pointer by DCHECKs. If these DCHECKs fail, |std::prev| or |std::next| will read out-of-bounds. Turning them to CHECKs will turn such cases into crashes. Bug: 1156988 Change-Id: I574ffd38636861c7d7aa9985d4a43852aabcbbc4 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2579933Reviewed-by: Kent Tamura <tkent@chromium.org> Commit-Queue: Koji Ishii <kojii@chromium.org> Cr-Commit-Position: refs/heads/master@{#835144}

Turn critical DCHECKs to CHECKs in NGOffsetMapping
This patch turns some DCHECKs in |NGOffsetMapping| to CHECKs when it could lead to out-of-bounds access. |NGOffsetMapping| uses |std::prev| or |std::next| after checking the pointer by DCHECKs. If these DCHECKs fail, |std::prev| or |std::next| will read out-of-bounds. Turning them to CHECKs will turn such cases into crashes. Bug: 1156988 Change-Id: I574ffd38636861c7d7aa9985d4a43852aabcbbc4 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2579933Reviewed-by: Kent Tamura <tkent@chromium.org> Commit-Queue: Koji Ishii <kojii@chromium.org> Cr-Commit-Position: refs/heads/master@{#835144}
7abea27f · Koji Ishii · Chromium LUCI CQ · 5bc97131 · 7abea27f
Commit 7abea27f authored Dec 09, 2020 by Koji Ishii Committed by Chromium LUCI CQ Dec 09, 2020
Show whitespace changes
Inline Side-by-side

Showing with 3 additions and 3 deletions

third_party/blink/renderer/core/layout/ng/inline/ng_offset_mapping.cc ...blink/renderer/core/layout/ng/inline/ng_offset_mapping.cc +3 -3

No files found.
--- a/third_party/blink/renderer/core/layout/ng/inline/ng_offset_mapping.cc
+++ b/third_party/blink/renderer/core/layout/ng/inline/ng_offset_mapping.cc
@@ -368,7 +368,7 @@ NGOffsetMapping::GetMappingUnitsForLayoutObject(
                   [&layout_object](const NGOffsetMappingUnit& unit) {
                     return unit.GetLayoutObject() == layout_object;
                   });
-  DCHECK_NE(begin, units_.end());
+  CHECK_NE(begin, units_.end());
  const auto* end =
      std::find_if(std::next(begin), units_.end(),
                   [&layout_object](const NGOffsetMappingUnit& unit) {
@@ -500,7 +500,7 @@ Position NGOffsetMapping::GetFirstPosition(unsigned offset) const {
                       [](const NGOffsetMappingUnit& unit, unsigned offset) {
                         return unit.TextContentEnd() < offset;
                       });
-  DCHECK_NE(result, units_.end());
+  CHECK_NE(result, units_.end());
  // Skip CSS generated content, e.g. "content" property in ::before/::after.
  while (!result->AssociatedNode()) {
    result = std::next(result);
@@ -552,7 +552,7 @@ const NGOffsetMappingUnit* NGOffsetMapping::GetLastMappingUnit(
                       [](unsigned offset, const NGOffsetMappingUnit& unit) {
                         return offset < unit.TextContentStart();
                       });
-  DCHECK_NE(result, units_.begin());
+  CHECK_NE(result, units_.begin());
  result = std::prev(result);
  if (result->TextContentEnd() < offset)
    return nullptr;