Bug 221287

Summary: Null check renderers consistently in StyleImage code
Product: WebKit Reporter: Darin Adler <darin>
Component: Layout and RenderingAssignee: Darin Adler <darin>
Status: RESOLVED FIXED    
Severity: Normal CC: bfulgham, changseok, esprehn+autocc, ews-watchlist, glenn, koivisto, kondapallykalyan, pdr, sabouhallawa, simon.fraser, webkit-bug-importer, zalan
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 221434    
Attachments:
Description Flags
Patch simon.fraser: review+

Darin Adler
Reported 2021-02-02 12:57:10 PST
Null check renderers consistently in StyleImage code
Attachments
Patch (23.22 KB, patch)
2021-02-02 13:20 PST, Darin Adler 		simon.fraser: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Darin Adler
Comment 1 2021-02-02 13:20:34 PST
Created attachment 419060 [details] Patch
Darin Adler
Comment 2 2021-02-02 13:58:52 PST
rdar://73356955
Darin Adler
Comment 3 2021-02-02 14:00:40 PST
Committed r272235: <https://trac.webkit.org/changeset/272235>
Said Abou-Hallawa
Comment 4 2021-02-03 11:01:08 PST
Comment on attachment 419060 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=419060&action=review > Source/WebCore/rendering/style/StyleGeneratedImage.cpp:57 > if (m_fixedSize) { An early return could make the code look better. if (!m_fixedSize) return m_containerSize; > Source/WebCore/rendering/style/StyleGeneratedImage.cpp:59 > + if (!renderer) > + return { }; This line below could also be simplified since we know after this if-statement render is not null. float deviceScaleFactor = renderer ? renderer->document().deviceScaleFactor() : 1; > Source/WebCore/rendering/style/StyleGeneratedImage.cpp:106 > bool StyleGeneratedImage::knownToBeOpaque(const RenderElement* renderer) const I think this function can take const RenderElement& also.
Darin Adler
Comment 5 2021-02-03 15:34:18 PST
Comment on attachment 419060 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=419060&action=review >> Source/WebCore/rendering/style/StyleGeneratedImage.cpp:57 >> if (m_fixedSize) { > > An early return could make the code look better. > > if (!m_fixedSize) > return m_containerSize; I agree. >> Source/WebCore/rendering/style/StyleGeneratedImage.cpp:59 >> + return { }; > > This line below could also be simplified since we know after this if-statement render is not null. > > float deviceScaleFactor = renderer ? renderer->document().deviceScaleFactor() : 1; Good point! >> Source/WebCore/rendering/style/StyleGeneratedImage.cpp:106 >> bool StyleGeneratedImage::knownToBeOpaque(const RenderElement* renderer) const > > I think this function can take const RenderElement& also. Yes, I didn’t see that before, but I looked carefully and see that now.
Antti Koivisto
Comment 6 2022-06-08 05:34:33 PDT
Comment on attachment 419060 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=419060&action=review > Source/WebCore/rendering/RenderImageResource.cpp:68 > - ASSERT(m_renderer); > - if (m_cachedImage && m_cachedImageRemoveClientIsNeeded) > - m_cachedImage->removeClient(*renderer()); > + if (m_cachedImage && m_renderer && m_cachedImageRemoveClientIsNeeded) > + m_cachedImage->removeClient(*m_renderer); > m_cachedImage = newImage; > m_cachedImageRemoveClientIsNeeded = true; > if (!m_cachedImage) I don't think this sort of random sprinkling of null tests is a good idea. Here m_renderer owns the RenderImageResource and m_renderer is a WeakPtr solely to protect against security issues (it could be CheckedPtr but renderers are already CanMakeWeakPtr). In any case where m_renderer is null, RenderImageResource is itself also likely dead and we are in a bad state. Adding null checks allows code to proceed further in bad state and makes identifying root causes from crash stacks harder.
Note You need to log in before you can comment on or make changes to this bug.