Title: [271392] trunk
Revision: 271392
Author: [email protected]
Date: 2021-01-12 01:34:57 -0800 (Tue, 12 Jan 2021)

Log Message

Null check CSSFilter::output()
https://bugs.webkit.org/show_bug.cgi?id=220350

Patch by Rob Buis <[email protected]> on 2021-01-12
Reviewed by Youenn Fablet.

Source/WebCore:

Null check CSSFilter::output() since this is not
guaranteed to be non-null.

Test: css3/filters/large-background-size-crash.html

* css/CSSFilterImageValue.cpp:
(WebCore::CSSFilterImageValue::image):

LayoutTests:

Add test for this.

* css3/filters/large-background-size-crash-expected.txt: Added.
* css3/filters/large-background-size-crash.html: Added.

Diff

Modified: trunk/LayoutTests/ChangeLog (271391 => 271392)


--- trunk/LayoutTests/ChangeLog	2021-01-12 09:32:37 UTC (rev 271391)
+++ trunk/LayoutTests/ChangeLog	2021-01-12 09:34:57 UTC (rev 271392)
@@ -1,3 +1,15 @@
+2021-01-12  Rob Buis  <[email protected]>
+
+        Null check CSSFilter::output()
+        https://bugs.webkit.org/show_bug.cgi?id=220350
+
+        Reviewed by Youenn Fablet.
+
+        Add test for this.
+
+        * css3/filters/large-background-size-crash-expected.txt: Added.
+        * css3/filters/large-background-size-crash.html: Added.
+
 2021-01-11  Fujii Hironori  <[email protected]>
 
         [WinCairo] Unreviewed test gardening

Added: trunk/LayoutTests/css3/filters/large-background-size-crash-expected.txt (0 => 271392)


--- trunk/LayoutTests/css3/filters/large-background-size-crash-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/css3/filters/large-background-size-crash-expected.txt	2021-01-12 09:34:57 UTC (rev 271392)
@@ -0,0 +1 @@
+PASS if test does not crash or cause an ASSERT failure.

Added: trunk/LayoutTests/css3/filters/large-background-size-crash.html (0 => 271392)


--- trunk/LayoutTests/css3/filters/large-background-size-crash.html	                        (rev 0)
+++ trunk/LayoutTests/css3/filters/large-background-size-crash.html	2021-01-12 09:34:57 UTC (rev 271392)
@@ -0,0 +1,12 @@
+<!-- Test passes if doesn't crash. -->
+<style>
+* {
+    background-size: 1px 16777218;
+    background-image: -webkit-filter(url(''), contrast(0));
+}
+</style>
+PASS if test does not crash or cause an ASSERT failure.
+<script>
+    if (window.testRunner)
+        window.testRunner.dumpAsText(false);
+</script>
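
Review bot: in the `<style>` block, `background-size: 1px 16777218;` gives the second value no unit, and nothing in the test explains why that number was chosen. 16777218 is just above 2^24 (16777216), so it presumably targets a size limit; a one-line comment naming that limit would make the test easier to maintain. If the unitless value is not deliberate, adding `px` avoids depending on the parser accepting it, since a dropped declaration would let the test pass without reaching the fixed code path. The opening comment would also read better as "Test passes if it doesn't crash."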

Modified: trunk/Source/WebCore/ChangeLog (271391 => 271392)


--- trunk/Source/WebCore/ChangeLog	2021-01-12 09:32:37 UTC (rev 271391)
+++ trunk/Source/WebCore/ChangeLog	2021-01-12 09:34:57 UTC (rev 271392)
@@ -1,3 +1,18 @@
+2021-01-12  Rob Buis  <[email protected]>
+
+        Null check CSSFilter::output()
+        https://bugs.webkit.org/show_bug.cgi?id=220350
+
+        Reviewed by Youenn Fablet.
+
+        Null check CSSFilter::output() since this is not
+        guaranteed to be non-null.
+
+        Test: css3/filters/large-background-size-crash.html
+
+        * css/CSSFilterImageValue.cpp:
+        (WebCore::CSSFilterImageValue::image):
+
 2021-01-11  Simon Fraser  <[email protected]>
 
         Safari 14 on 2x display renders NYS DMV page as blurry
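
Review bot: the entry body ("Null check CSSFilter::output() since this is not guaranteed to be non-null.") does not say under which condition output() returns null. One sentence naming the trigger, which the test name suggests is a very large background size, would let later readers judge whether the null check addresses the root cause or only this call site.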

Modified: trunk/Source/WebCore/css/CSSFilterImageValue.cpp (271391 => 271392)


--- trunk/Source/WebCore/css/CSSFilterImageValue.cpp	2021-01-12 09:32:37 UTC (rev 271391)
+++ trunk/Source/WebCore/css/CSSFilterImageValue.cpp	2021-01-12 09:34:57 UTC (rev 271392)
@@ -131,7 +131,11 @@
         return &Image::nullImage();
     cssFilter->apply();
 
-    return cssFilter->output()->copyImage();
+    auto* output = cssFilter->output();
+    if (!output)
+        return &Image::nullImage();
+
+    return output->copyImage();
 }
 
 void CSSFilterImageValue::filterImageChanged(const IntRect&)
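
Review bot: the new `if (!output)` branch at the end of CSSFilterImageValue::image() returns `&Image::nullImage()` with no comment on why `output()` can still be null after `cssFilter->apply()` has run. A short comment at the check would document the failure mode for the next reader. Since the fix is applied at this one call site, it is also worth confirming that no other caller of CSSFilter::output() dereferences the result unchecked.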
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
