180386 2017-12-04 16:50:43 -0800 Check Image::m_image is not null in ImageLoader::decode() 2018-01-09 08:44:50 -0800 1 1 1 Unclassified WebKit Images WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 sabouhallawa sabouhallawa cdumez commit-queue dbates ews-watchlist japhet simon.fraser thorton webkit-bug-importer oldest_to_newest 1377999 0 sabouhallawa 2017-12-04 16:50:43 -0800 The HTMLImageElement can be set to a non empty image source URL but the ImageLoader::updateFromElement() makes an early return before creating a CachedImage. If ImageLoader::decode() is called in this case, ImageLoader::m_image will be null and a crash will happen. 1378003 1 sabouhallawa 2017-12-04 16:51:17 -0800 <rdar://problem/34634483> 1378008 2 328414 sabouhallawa 2017-12-04 16:55:31 -0800 Created attachment 328414 Patch 1379818 3 328414 thorton 2017-12-08 14:50:51 -0800 Comment on attachment 328414 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=328414&action=review > Source/WebCore/ChangeLog:8 > + Ensure ImageLoader::m_image is not null before referencing it. Did this regress? Do you know when? Do you know how to reproduce? Can you write a test? 1379852 4 328414 simon.fraser 2017-12-08 15:45:08 -0800 Comment on attachment 328414 Patch Yeah, this needs a test. 1387103 5 330788 sabouhallawa 2018-01-08 20:26:51 -0800 Created attachment 330788 Patch 1387104 6 330789 sabouhallawa 2018-01-08 20:28:19 -0800 Created attachment 330789 test case: decoding an image with an invalid URL (will crash) 1387274 7 330788 commit-queue 2018-01-09 08:44:48 -0800 Comment on attachment 330788 Patch Clearing flags on attachment: 330788 Committed r226638: <https://trac.webkit.org/changeset/226638> 1387275 8 commit-queue 2018-01-09 08:44:50 -0800 All reviewed patches have been landed. Closing bug. 328414 2017-12-04 16:55:31 -0800 2018-01-08 20:26:49 -0800 Patch bug-180386-20171204165530.patch text/plain 1399 sabouhallawa SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDIyNTUwNikKKysrIFNvdXJjZS9XZWJDb3JlL0NoYW5n ZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDE1IEBACisyMDE3LTEyLTA0ICBTYWlkIEFi b3UtSGFsbGF3YSAgPHNhYm91aGFsbGF3YUBhcHBsZS5jb20+CisKKyAgICAgICAgQ2hlY2sgSW1h Z2U6Om1faW1hZ2UgaXMgbm90IG51bGwgaW4gSW1hZ2VMb2FkZXI6OmRlY29kZSgpCisgICAgICAg IGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0xODAzODYKKworICAgICAg ICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBFbnN1cmUgSW1hZ2VMb2Fk ZXI6Om1faW1hZ2UgaXMgbm90IG51bGwgYmVmb3JlIHJlZmVyZW5jaW5nIGl0LgorCisgICAgICAg ICogbG9hZGVyL0ltYWdlTG9hZGVyLmNwcDoKKyAgICAgICAgKFdlYkNvcmU6OkltYWdlTG9hZGVy OjpkZWNvZGUpOgorCiAyMDE3LTEyLTA0ICBaYWxhbiBCdWp0YXMgIDx6YWxhbkBhcHBsZS5jb20+ CiAKICAgICAgICAgUmVuZGVyTXVsdGlDb2x1bW5GbG93OjpmcmFnbWVudGVkRmxvd0Rlc2NlbmRh bnRJbnNlcnRlZCBzaG91bGQgbm90IGRlc3Ryb3kgaW5jb21pbmcgbmV3RGVzY2VuZGFudApJbmRl eDogU291cmNlL1dlYkNvcmUvbG9hZGVyL0ltYWdlTG9hZGVyLmNwcAo9PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBT b3VyY2UvV2ViQ29yZS9sb2FkZXIvSW1hZ2VMb2FkZXIuY3BwCShyZXZpc2lvbiAyMjU0MzcpCisr KyBTb3VyY2UvV2ViQ29yZS9sb2FkZXIvSW1hZ2VMb2FkZXIuY3BwCSh3b3JraW5nIGNvcHkpCkBA IC00MTIsMTIgKzQxMiwxMiBAQCB2b2lkIEltYWdlTG9hZGVyOjpkZWNvZGUoKQogICAgICAgICBy ZXR1cm47CiAgICAgfQogCi0gICAgSW1hZ2UqIGltYWdlID0gbV9pbWFnZS0+aW1hZ2UoKTsKLSAg ICBpZiAoIWltYWdlIHx8IG1faW1hZ2UtPmVycm9yT2NjdXJyZWQoKSkgeworICAgIGlmICghbV9p bWFnZSB8fCAhbV9pbWFnZS0+aW1hZ2UoKSB8fCBtX2ltYWdlLT5lcnJvck9jY3VycmVkKCkpIHsK ICAgICAgICAgZGVjb2RlRXJyb3IoIkxvYWRpbmcgZXJyb3IuIik7CiAgICAgICAgIHJldHVybjsK ICAgICB9CiAKKyAgICBJbWFnZSogaW1hZ2UgPSBtX2ltYWdlLT5pbWFnZSgpOwogICAgIGlmICgh aW1hZ2UtPmlzQml0bWFwSW1hZ2UoKSkgewogICAgICAgICBkZWNvZGVFcnJvcigiSW52YWxpZCBp bWFnZSB0eXBlLiIpOwogICAgICAgICByZXR1cm47Cg== 330788 2018-01-08 20:26:51 -0800 2018-01-09 08:44:48 -0800 Patch bug-180386-20180108202650.patch text/plain 3946 sabouhallawa U3VidmVyc2lvbiBSZXZpc2lvbjogMjI2MzQ0CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggZDMxMzZlODA3YjY5NzNm YWViYzQ3M2IwNjNiODU1NTRlMmFiZTk5Mi4uNzgwYWRkZDYyZjUwYWJjMDAwOTM2YmE2ZWRlMmRl YWI0YjlmNTRmYSAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE2IEBACisyMDE4LTAxLTA4ICBTYWlk IEFib3UtSGFsbGF3YSAgPHNhYm91aGFsbGF3YUBhcHBsZS5jb20+CisKKyAgICAgICAgQ2hlY2sg SW1hZ2U6Om1faW1hZ2UgaXMgbm90IG51bGwgaW4gSW1hZ2VMb2FkZXI6OmRlY29kZSgpCisgICAg ICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0xODAzODYKKyAgICAg ICAgPHJkYXI6Ly9wcm9ibGVtLzM0NjM0NDgzPgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9E WSAoT09QUyEpLgorCisgICAgICAgIEVuc3VyZSBJbWFnZUxvYWRlcjo6bV9pbWFnZSBpcyBub3Qg bnVsbCBiZWZvcmUgcmVmZXJlbmNpbmcgaXQuCisKKyAgICAgICAgKiBsb2FkZXIvSW1hZ2VMb2Fk ZXIuY3BwOgorICAgICAgICAoV2ViQ29yZTo6SW1hZ2VMb2FkZXI6OmRlY29kZSk6CisKIDIwMTgt MDEtMDIgIEJyYWR5IEVpZHNvbiAgPGJlaWRzb25AYXBwbGUuY29tPgogCiAgICAgICAgIE1ha2Ug TWVzc2FnZVBvcnRDaGFubmVsOjp0YWtlQWxsTWVzc2FnZXNGcm9tUmVtb3RlIGFzeW5jaHJvbm91 cy4KZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3JlL2xvYWRlci9JbWFnZUxvYWRlci5jcHAgYi9T b3VyY2UvV2ViQ29yZS9sb2FkZXIvSW1hZ2VMb2FkZXIuY3BwCmluZGV4IDYyNzI3MWYzYjM4YTQw NWI0MjExMjFkMTU3NDhjOGE1NjUzZjNhNDYuLmY3Y2MyZTcxM2E1YmIzYTQwYzhiN2JmMmI5Yzgy MjU1MmFiYTVkMjQgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJDb3JlL2xvYWRlci9JbWFnZUxvYWRl ci5jcHAKKysrIGIvU291cmNlL1dlYkNvcmUvbG9hZGVyL0ltYWdlTG9hZGVyLmNwcApAQCAtNDEy LDEyICs0MTIsMTIgQEAgdm9pZCBJbWFnZUxvYWRlcjo6ZGVjb2RlKCkKICAgICAgICAgcmV0dXJu OwogICAgIH0KIAotICAgIEltYWdlKiBpbWFnZSA9IG1faW1hZ2UtPmltYWdlKCk7Ci0gICAgaWYg KCFpbWFnZSB8fCBtX2ltYWdlLT5lcnJvck9jY3VycmVkKCkpIHsKKyAgICBpZiAoIW1faW1hZ2Ug fHwgIW1faW1hZ2UtPmltYWdlKCkgfHwgbV9pbWFnZS0+ZXJyb3JPY2N1cnJlZCgpKSB7CiAgICAg ICAgIGRlY29kZUVycm9yKCJMb2FkaW5nIGVycm9yLiIpOwogICAgICAgICByZXR1cm47CiAgICAg fQogCisgICAgSW1hZ2UqIGltYWdlID0gbV9pbWFnZS0+aW1hZ2UoKTsKICAgICBpZiAoIWltYWdl LT5pc0JpdG1hcEltYWdlKCkpIHsKICAgICAgICAgZGVjb2RlRXJyb3IoIkludmFsaWQgaW1hZ2Ug dHlwZS4iKTsKICAgICAgICAgcmV0dXJuOwpkaWZmIC0tZ2l0IGEvTGF5b3V0VGVzdHMvQ2hhbmdl TG9nIGIvTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCmluZGV4IGQ4MDVhNTI0NmM0ZDhiMjI4ODVlMjg5 YzMxNTNhMGEwNTUzN2ZiZTQuLjg0M2Q0ZWNiNzkxMjE3Nzg2ZjgzMGY5NGYxMDJlOWY3ZDVmNzY1 MzkgMTAwNjQ0Ci0tLSBhL0xheW91dFRlc3RzL0NoYW5nZUxvZworKysgYi9MYXlvdXRUZXN0cy9D aGFuZ2VMb2cKQEAgLTEsMyArMSwxNiBAQAorMjAxOC0wMS0wOCAgU2FpZCBBYm91LUhhbGxhd2Eg IDxzYWJvdWhhbGxhd2FAYXBwbGUuY29tPgorCisgICAgICAgIENoZWNrIEltYWdlOjptX2ltYWdl IGlzIG5vdCBudWxsIGluIEltYWdlTG9hZGVyOjpkZWNvZGUoKQorICAgICAgICBodHRwczovL2J1 Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTgwMzg2CisgICAgICAgIDxyZGFyOi8vcHJv YmxlbS8zNDYzNDQ4Mz4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKwor ICAgICAgICBBZGQgYSBuZXcgcmVqZWN0ZWQgY2FzZSBmb3IgZGVjb2RpbmcgYW4gaW1hZ2Ugd2l0 aCBhbiBpbnZhbGlkIFVSTC4KKworICAgICAgICAqIGZhc3QvaW1hZ2VzL2RlY29kZS1zdGF0aWMt aW1hZ2UtcmVqZWN0LWV4cGVjdGVkLnR4dDoKKyAgICAgICAgKiBmYXN0L2ltYWdlcy9kZWNvZGUt c3RhdGljLWltYWdlLXJlamVjdC5odG1sOgorCiAyMDE4LTAxLTAyICBNaWNoYWVsIENhdGFuemFy byAgPG1jYXRhbnphcm9AaWdhbGlhLmNvbT4KIAogICAgICAgICBVbnJldmlld2VkIFdQRSB0ZXN0 IGdhcmRlbmluZy4KZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL2Zhc3QvaW1hZ2VzL2RlY29kZS1z dGF0aWMtaW1hZ2UtcmVqZWN0LWV4cGVjdGVkLnR4dCBiL0xheW91dFRlc3RzL2Zhc3QvaW1hZ2Vz L2RlY29kZS1zdGF0aWMtaW1hZ2UtcmVqZWN0LWV4cGVjdGVkLnR4dAppbmRleCBjZmIyMWQzZTI0 MDg5YWY3ODkyN2ZjMjU2YzFjMGNhMmFlZjAzMDhiLi5jOGFlYTQ5NGExODVjNjQ0ODcyOGFjZTg2 NzQwZmFmZGM5NjcxYTRiIDEwMDY0NAotLS0gYS9MYXlvdXRUZXN0cy9mYXN0L2ltYWdlcy9kZWNv ZGUtc3RhdGljLWltYWdlLXJlamVjdC1leHBlY3RlZC50eHQKKysrIGIvTGF5b3V0VGVzdHMvZmFz dC9pbWFnZXMvZGVjb2RlLXN0YXRpYy1pbWFnZS1yZWplY3QtZXhwZWN0ZWQudHh0CkBAIC02LDYg KzYsNyBAQCBPbiBzdWNjZXNzLCB5b3Ugd2lsbCBzZWUgYSBzZXJpZXMgb2YgIlBBU1MiIG1lc3Nh Z2VzLCBmb2xsb3dlZCBieSAiVEVTVCBDT01QTEVURQogRmFpbGVkIHRvIGRlY29kZSBpbWFnZSB3 aXRoIG5vIHNvdXJjZS4gUmVzdWx0IGlzOiBFbmNvZGluZ0Vycm9yOiBNaXNzaW5nIHNvdXJjZSBV UkwuCiBGYWlsZWQgdG8gZGVjb2RlIGltYWdlIHdpdGggbm9uLWV4aXN0ZW50IHNvdXJjZS4gUmVz dWx0IGlzOiBFbmNvZGluZ0Vycm9yOiBMb2FkaW5nIGVycm9yLgogRmFpbGVkIHRvIGRlY29kZSBp bWFnZSB3aXRoIHVuc3VwcG9ydGVkIGltYWdlIGZvcm1hdC4gUmVzdWx0IGlzOiBFbmNvZGluZ0Vy cm9yOiBMb2FkaW5nIGVycm9yLgorRmFpbGVkIHRvIGRlY29kZSBpbWFnZSB3aXRoIGludmFsaWQg VVJMLiBSZXN1bHQgaXM6IEVuY29kaW5nRXJyb3I6IExvYWRpbmcgZXJyb3IuCiBQQVNTIHN1Y2Nl c3NmdWxseVBhcnNlZCBpcyB0cnVlCiAKIFRFU1QgQ09NUExFVEUKZGlmZiAtLWdpdCBhL0xheW91 dFRlc3RzL2Zhc3QvaW1hZ2VzL2RlY29kZS1zdGF0aWMtaW1hZ2UtcmVqZWN0Lmh0bWwgYi9MYXlv dXRUZXN0cy9mYXN0L2ltYWdlcy9kZWNvZGUtc3RhdGljLWltYWdlLXJlamVjdC5odG1sCmluZGV4 IDgxYmFhYjFmYmIzZTBhNDZjZWZlOWMzNjE4YTE0OWM1NTZmNzA1OTEuLmRlOWM1MjZiNDQyNDFl ZGFhODhmYWZmOWI4N2ZlYzhmZjhlZWJjOTkgMTAwNjQ0Ci0tLSBhL0xheW91dFRlc3RzL2Zhc3Qv aW1hZ2VzL2RlY29kZS1zdGF0aWMtaW1hZ2UtcmVqZWN0Lmh0bWwKKysrIGIvTGF5b3V0VGVzdHMv ZmFzdC9pbWFnZXMvZGVjb2RlLXN0YXRpYy1pbWFnZS1yZWplY3QuaHRtbApAQCAtMjEsNiArMjEs MTEgQEAKICAgICAgICAgfSkKICAgICAgICAgLmNhdGNoKHJlYXNvbiA9PiB7CiAgICAgICAgICAg ICBkZWJ1ZygiRmFpbGVkIHRvIGRlY29kZSBpbWFnZSB3aXRoIHVuc3VwcG9ydGVkIGltYWdlIGZv cm1hdC4gUmVzdWx0IGlzOiAiICsgcmVhc29uKTsKKyAgICAgICAgICAgIGltYWdlLnNyYyA9ICJo dHRwczovL3NlcnZlcjo4MGE4MC8iOworICAgICAgICAgICAgcmV0dXJuIGltYWdlLmRlY29kZSgp OworICAgICAgICB9KQorICAgICAgICAuY2F0Y2gocmVhc29uID0+IHsKKyAgICAgICAgICAgIGRl YnVnKCJGYWlsZWQgdG8gZGVjb2RlIGltYWdlIHdpdGggaW52YWxpZCBVUkwuIFJlc3VsdCBpczog IiArIHJlYXNvbik7CiAgICAgICAgICAgICBmaW5pc2hKU1Rlc3QoKTsKICAgICAgICAgfSk7CiAg ICAgPC9zY3JpcHQ+Cg== 330789 2018-01-08 20:28:19 -0800 2018-01-09 08:24:07 -0800 test case: decoding an image with an invalid URL (will crash) decode-invalide-url-image.html text/html 207 sabouhallawa PGJvZHk+CiAgICA8c2NyaXB0PgogICAgICAgIHZhciBpbWFnZSA9IG5ldyBJbWFnZTsKICAgICAg ICBpbWFnZS5zcmMgPSAiaHR0cHM6Ly9zZXJ2ZXI6ODBhODAvIjsKICAgICAgICBpbWFnZS5kZWNv ZGUoKS50aGVuKCgpID0+IHsKICAgICAgICAgICAgZG9jdW1lbnQuYXBwZW5kQ2hpbGQoaW1hZ2Up OwogICAgICAgIH0pOwogICAgPC9zY3JpcHQ+CjwvYm9keT4K