Title: [295393] trunk/Source/WebCore/rendering/RenderImageResource.cpp
- Revision: 295393
- Author: za...@apple.com
- Date: 2022-06-08 14:02:15 -0700 (Wed, 08 Jun 2022)
Log Message
RenderImageResource::setCachedImage may produce a null renderer
https://bugs.webkit.org/show_bug.cgi?id=241435
<rdar://93714107>
Reviewed by Antti Koivisto.
This is a speculative fix to address null deref on the renderer.
* Source/WebCore/rendering/RenderImageResource.cpp:
(WebCore::RenderImageResource::setCachedImage):
Canonical link: https://commits.webkit.org/251399@main
Modified Paths
Diff
Modified: trunk/Source/WebCore/rendering/RenderImageResource.cpp (295392 => 295393)
--- trunk/Source/WebCore/rendering/RenderImageResource.cpp 2022-06-08 20:58:30 UTC (rev 295392)
+++ trunk/Source/WebCore/rendering/RenderImageResource.cpp 2022-06-08 21:02:15 UTC (rev 295393)
@@ -63,6 +63,10 @@
if (m_cachedImage && m_renderer && m_cachedImageRemoveClientIsNeeded)
m_cachedImage->removeClient(*m_renderer);
+ if (!m_renderer) {
+ // removeClient may have destroyed the renderer.
+ return;
+ }
m_cachedImage = newImage;
m_cachedImageRemoveClientIsNeeded = true;
if (!m_cachedImage)
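Review bot: the early return in the new `if (!m_renderer)` block skips `m_cachedImage = newImage;`, so the resource keeps the old `m_cachedImage` with `m_cachedImageRemoveClientIsNeeded` still true even though that client was just removed by the `removeClient` call above; either clear the stale state before returning (e.g. `m_cachedImage = nullptr;`) or document why leaving it is safe. The guard is also only sufficient if `m_renderer` is actually reset to null when the renderer is destroyed; a raw pointer would dangle rather than read null, and if this resource is owned by that renderer then `this` is gone too, so the comment "removeClient may have destroyed the renderer" should name the invariant (weak pointer, ownership) that makes the check meaningful, especially since the log message calls the fix speculative.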