Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: d113ccd097082b7db803786051566b6abd7ceffe
    https://github.com/WebKit/WebKit/commit/d113ccd097082b7db803786051566b6abd7ceffe
Author: Yusuke Suzuki <ysuz...@apple.com>
Date: 2024-03-29 (Fri, 29 Mar 2024)

Changed paths:
  M Source/WebCore/loader/ImageLoader.cpp

Log Message:
-----------
Check imageURL null for Element::parserSetAttributes inconsistency issue
https://bugs.webkit.org/show_bug.cgi?id=271873
rdar://125543680

Reviewed by Ryosuke Niwa.

Element::parserSetAttributes first sets all attributes into ElementRareData. And after that, it calls Element::attributeChanged. This can cause inconsistency in each element which configures its members in attributeChanged: while attribute is already in the ElementRareData, corresponding attributeChanged is not called *yet*.

We can hit a nullptr crash in ImageLoader since it is reading src attr of <image> (which can be set already), while it is also reading m_currentURL (which will be configured via attributeChanged, and it may not be called *yet*.).

In this patch, we just handle this the same as the case where we see nullptr src attr. This is fine since we call attributeChanged for each attribute so eventually HTMLImageElement & ImageLoader state converges and it becomes consistent.

* Source/WebCore/loader/ImageLoader.cpp:
(WebCore::ImageLoader::updateFromElement):

Canonical link: https://commits.webkit.org/276826@main
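
A simplified model of the store-then-notify ordering the log message describes, added here as an example: it is not WebKit code, and every type and member name in it is hypothetical. It also assumes that any attribute change triggers an update, which is what opens the window in this model.

```cpp
// Simplified model of the ordering described above. Not WebKit code:
// every type and member name below is hypothetical.
#include <memory>
#include <string>
#include <utility>
#include <vector>

using Attr = std::pair<std::string, std::string>;

struct ModelImageElement {
    std::vector<Attr> stored;                // attribute storage, filled in phase 1
    std::unique_ptr<std::string> currentURL; // derived member, set only by attributeChanged
    std::string loadedURL;                   // what the loader ended up requesting
    int skippedUpdates = 0;                  // updates that saw the not-yet-consistent state

    const std::string* storedSrc() const {
        for (const auto& a : stored)
            if (a.first == "src") return &a.second;
        return nullptr;
    }
    // Reads the stored attribute and the derived member together.
    bool updateFromElement() {
        // Guard: "src is stored but currentURL is still null" is handled like "no src".
        if (!storedSrc() || !currentURL) {
            ++skippedUpdates;
            return false;
        }
        loadedURL = *currentURL; // safe: both sides agree by now
        return true;
    }
    void attributeChanged(const Attr& a) {
        if (a.first == "src") currentURL.reset(new std::string(a.second));
        updateFromElement(); // model assumption: any attribute change triggers an update
    }
    // Phase 1 stores every attribute; phase 2 notifies them one by one.
    void parserSetAttributes(const std::vector<Attr>& attrs) {
        stored = attrs;
        for (const auto& a : attrs) attributeChanged(a);
    }
};

// Constructed input: "alt" is notified before "src", so the first update runs
// while src is already stored but currentURL is still null.
ModelImageElement runModel() {
    ModelImageElement e;
    e.parserSetAttributes({{"alt", "logo"}, {"src", "logo.png"}});
    return e;
}

int main() { return runModel().loadedURL == "logo.png" ? 0 : 1; }
```

Without the `!currentURL` check, the first update in this model would dereference a null pointer; with it, that update is skipped and the state converges once the `src` callback runs.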