[webkit-changes] [WebKit/WebKit] 7d7be7: REGRESSION(267280 at main): costco.com crash in WebCo...

Sammy Gill noreply at github.com
Thu Sep 14 09:19:57 PDT 2023 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 7d7be769ce2d1407bdac2234c29f91630ca959fd
      https://github.com/WebKit/WebKit/commit/7d7be769ce2d1407bdac2234c29f91630ca959fd
  Author: Sammy Gill <sammy.gill at apple.com>
  Date:   2023-09-14 (Thu, 14 Sep 2023)

  Changed paths:
    A LayoutTests/imported/w3c/web-platform-tests/css/css-grid/parsing/grid-template-node-not-connected-expected.txt
    A LayoutTests/imported/w3c/web-platform-tests/css/css-grid/parsing/grid-template-node-not-connected.html
    M Source/WebCore/css/ShorthandSerializer.cpp

  Log Message:
  -----------
  REGRESSION(267280 at main): costco.com crash in WebCore::ShorthandSerializer::serializeGridTemplate const
https://bugs.webkit.org/show_bug.cgi?id=261421
rdar://115046351

Reviewed by Darin Adler.

Costco's checkout page uses element.TextContent = "" which ends up
disconnecting some nodes from the tree. When the ShorthandSerializer
tries to get the value for each of the longhands of grid-template,
the ComputedStyleExtractor is unable to resolve the RenderStyle to use
via computeRenderStyleForProperty and returns nullptr for the longhand
value. This results in a hard nullptr deref
ShorthandSerializer::longhandValue.

Any time we are using the ComputedStyleExtractor version of the
ShorthandSerializer and we end up getting a nullptr back for one of
the longhand values we should instead set m_result to the emptyString
(which would have been returned anyways in
CSSComputedStyleDeclaration::getPropertyValue if we used the
ComputedStyleExtractor rather than the ShorthandSerializer for the
shorthand's computed style) and return true from
commonSerializationChecks. The serialize function will see that
commonSerializationChecks set the value and return it back to the
caller.

* LayoutTests/imported/w3c/web-platform-tests/css/css-grid/parsing/grid-template-node-not-connected-expected.txt: Added.
* LayoutTests/imported/w3c/web-platform-tests/css/css-grid/parsing/grid-template-node-not-connected.html: Added.
* Source/WebCore/css/ShorthandSerializer.cpp:
(WebCore::ShorthandSerializer::commonSerializationChecks):

Canonical link: https://commits.webkit.org/267989@main

More information about the webkit-changes mailing list