Cherry-pick 270032@main (0dfdb1a). https://bugs.webkit.org/show_bug.c…

…gi?id=263990 RenderVideo::videoBox crashes when intrinsic size is zero https://bugs.webkit.org/show_bug.cgi?id=263990 <radar://116303559> Reviewed by Alan Baradlay. LayoutSize::fitToAspectRatio(aspectRatio, ) assumes that aspectRatio is non-empty as it divides by aspectRatio.height() and aspectRatio.width(). When either are zero, this would result in a floating point exception due to division by zero. It's not clear we should add this check to fitToAspectRatio() and based on where fitToAspectRatio is called, it seems more appropriate to check before the call site. * Source/WebCore/rendering/RenderVideo.cpp: (WebCore::RenderVideo::videoBox const): Ensure that intrinsicSize is not empty. Canonical link: https://commits.webkit.org/270032@main
WebKit · Jan 25, 2024 · 1507cdd · 1507cdd
1 parent f1e03c1
commit 1507cdd
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/Source/WebCore/rendering/RenderVideo.cpp b/Source/WebCore/rendering/RenderVideo.cpp
@@ -191,7 +191,7 @@ IntRect RenderVideo::videoBox() const
     if (videoElement().shouldDisplayPosterImage())
         intrinsicSize = m_cachedImageSize;
 
-    if (videoElement().isFullscreen() && areAspectRatiosEssentiallyEqual(intrinsicSize, contentSize(), page().deviceScaleFactor()))
+    if (!intrinsicSize.isEmpty() && videoElement().isFullscreen() && areAspectRatiosEssentiallyEqual(intrinsicSize, contentSize(), page().deviceScaleFactor()))
         return snappedIntRect({ contentBoxLocation(), contentSize().fitToAspectRatio(intrinsicSize, AspectRatioFitGrow) });
 
     return snappedIntRect(replacedContentRect(intrinsicSize));