[webkit-changes] [WebKit/WebKit] d113cc: Check imageURL null for Element::parserSetAttribut...
Yusuke Suzuki
noreply at github.com
Fri Mar 29 00:30:35 PDT 2024
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: d113ccd097082b7db803786051566b6abd7ceffe
https://github.com/WebKit/WebKit/commit/d113ccd097082b7db803786051566b6abd7ceffe
Author: Yusuke Suzuki <ysuzuki at apple.com>
Date: 2024-03-29 (Fri, 29 Mar 2024)
Changed paths:
M Source/WebCore/loader/ImageLoader.cpp
Log Message:
-----------
Check imageURL null for Element::parserSetAttributes inconsistency issue
https://bugs.webkit.org/show_bug.cgi?id=271873
rdar://125543680
Reviewed by Ryosuke Niwa.
Element::parserSetAttributes first sets all attributes into ElementRareData. After that, it calls Element::attributeChanged.
This can cause inconsistency in each element which configures its members in attributeChanged: while the attribute is already in the ElementRareData,
the corresponding attributeChanged is not called *yet*. We can hit a nullptr crash in ImageLoader since it is reading the src attr of <image> (which can be set already),
while it is also reading m_currentURL (which will be configured via attributeChanged, and it may not be called *yet*).
In this patch, we just handle this the same as the case where we see a nullptr src attr. This is fine since we call attributeChanged for each attribute, so eventually
the HTMLImageElement & ImageLoader state converges and becomes consistent.
* Source/WebCore/loader/ImageLoader.cpp:
(WebCore::ImageLoader::updateFromElement):
Canonical link: https://commits.webkit.org/276826@main
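
The ordering problem described in the log message, as a simplified C++ model added here (not WebKit code and not part of the commit). `ModelImageElement`, `UpdateResult`, and the choice of `crossorigin` as an attribute whose notification runs before the one for `src` are assumptions made for illustration.

```cpp
#include <map>
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Simplified model with hypothetical names; it only mirrors the two-phase ordering.
enum class UpdateResult { NoSource, DeferredInconsistent, Loaded };

struct ModelImageElement {
    std::map<std::string, std::string> attributes; // attribute store, written in bulk
    std::unique_ptr<std::string> currentURL;       // derived state, set only by attributeChanged("src")
    std::vector<UpdateResult> updates;             // what each loader update observed

    // Guarded update: a missing derived URL is handled like a missing src attribute.
    UpdateResult updateFromElement() const {
        if (attributes.find("src") == attributes.end())
            return UpdateResult::NoSource;
        if (!currentURL) // without this check, reading *currentURL here is a null dereference
            return UpdateResult::DeferredInconsistent;
        return currentURL->empty() ? UpdateResult::NoSource : UpdateResult::Loaded;
    }

    void attributeChanged(const std::string& name, const std::string& value) {
        if (name == "src")
            currentURL = std::make_unique<std::string>(value);
        updates.push_back(updateFromElement()); // assumed: any attribute change may trigger an update
    }

    // Phase 1 stores every attribute; phase 2 notifies them one at a time.
    void parserSetAttributes(const std::vector<std::pair<std::string, std::string>>& attrs) {
        for (const auto& attr : attrs)
            attributes[attr.first] = attr.second;
        for (const auto& attr : attrs)
            attributeChanged(attr.first, attr.second);
    }
};

// Constructed input: a non-src attribute is notified before src.
std::vector<UpdateResult> runModel() {
    ModelImageElement element;
    element.parserSetAttributes({{"crossorigin", "anonymous"}, {"src", "a.png"}});
    return element.updates;
}
```

The first update sees `src` in the store with no derived URL yet and backs off; the second, after the `src` notification, finds consistent state.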