[webkit-changes] [202754] trunk/Source/WebKit2

[bfulgham]

Title: [202754] trunk/Source/WebKit2

Revision

202754

Author

bfulg...@apple.com

Date

2016-07-01 13:52:30 -0700 (Fri, 01 Jul 2016)

Log Message

Prevent crash when attempting to copy an image
https://bugs.webkit.org/show_bug.cgi?id=159288
<rdar://problem/23507828>

Reviewed by Brady Eidson.

WebKit could crash if the HTMLImageElement had a null cachedImage member.
A little investigation showed that the URL we retrieve from the cachedImage
is never used, so rather than adding a null check, let's just pass a
default argument. The actual URL gets read from elsewhere in the pasteboard
processing code.

* WebProcess/WebPage/ios/WebPageIOS.mm:
(WebKit::WebPage::performActionOnElement): Don't bother passing the
unused URL argument to the pasteboard method.

Modified Paths

• trunk/Source/WebKit2/ChangeLog
• trunk/Source/WebKit2/WebProcess/WebPage/ios/WebPageIOS.mm

Diff

Modified: trunk/Source/WebKit2/ChangeLog (202753 => 202754)

--- trunk/Source/WebKit2/ChangeLog	2016-07-01 20:51:02 UTC (rev 202753)
+++ trunk/Source/WebKit2/ChangeLog	2016-07-01 20:52:30 UTC (rev 202754)
@@ -1,3 +1,21 @@
+2016-07-01  Brent Fulgham  <bfulg...@apple.com>
+
+        Prevent crash when attempting to copy an image
+        https://bugs.webkit.org/show_bug.cgi?id=159288
+        <rdar://problem/23507828>
+
+        Reviewed by Brady Eidson.
+        
+        WebKit could crash if the HTMLImageElement had a null cachedImage member.
+        A little investigation showed that the URL we retrieve from the cachedImage
+        is never used, so rather than adding a null check, let's just pass a
+        default argument. The actual URL gets read from elsewhere in the pasteboard
+        processing code.
+
+        * WebProcess/WebPage/ios/WebPageIOS.mm:
+        (WebKit::WebPage::performActionOnElement): Don't bother passing the
+        unused URL argument to the pasteboard method.
+
 2016-07-01  Brady Eidson  <beid...@apple.com>
 
         Blob content type not preserved when retrieving blobs from IndexedDB.

Modified: trunk/Source/WebKit2/WebProcess/WebPage/ios/WebPageIOS.mm (202753 => 202754)

--- trunk/Source/WebKit2/WebProcess/WebPage/ios/WebPageIOS.mm	2016-07-01 20:51:02 UTC (rev 202753)
+++ trunk/Source/WebKit2/WebProcess/WebPage/ios/WebPageIOS.mm	2016-07-01 20:52:30 UTC (rev 202754)
@@ -2444,7 +2444,7 @@
         if (is<RenderImage>(*element.renderer())) {
             Element* linkElement = containingLinkElement(&element);
             if (!linkElement)
-                m_interactionNode->document().frame()->editor().writeImageToPasteboard(*Pasteboard::createForCopyAndPaste(), element, downcast<RenderImage>(*element.renderer()).cachedImage()->url(), String());
+                m_interactionNode->document().frame()->editor().writeImageToPasteboard(*Pasteboard::createForCopyAndPaste(), element, URL(), String());
             else
                 m_interactionNode->document().frame()->editor().copyURL(linkElement->document().completeURL(stripLeadingAndTrailingHTMLSpaces(linkElement->fastGetAttribute(HTMLNames::hrefAttr))), linkElement->textContent());
         } else if (element.isLink()) {

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes