Bug 228735

Summary: REGRESSION(r279050): Crash under CSSImageValue::createDeprecatedCSSOMWrapper with cursor images
Product: WebKit Reporter: Antti Koivisto <koivisto>
Component: CSSAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: achristensen, darin, esprehn+autocc, ews-watchlist, glenn, gyuyoung.kim, macpherson, menard, mjs, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
patch none

Antti Koivisto
Reported 2021-08-03 03:02:46 PDT
CSSCursorImageValue is not a CSSImageValue.
Attachments
patch (3.13 KB, patch)
2021-08-03 03:46 PDT, Antti Koivisto 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Antti Koivisto
Comment 1 2021-08-03 03:46:34 PDT
Created attachment 434824 [details] patch
Maciej Stachowiak
Comment 2 2021-08-03 09:45:01 PDT
<rdar://81119647>
Radar WebKit Bug Importer
Comment 3 2021-08-03 09:45:15 PDT
<rdar://problem/81466490>
EWS
Comment 4 2021-08-03 09:55:04 PDT
Committed r280599 (240217@main): <https://commits.webkit.org/240217@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 434824 [details].
Darin Adler
Comment 5 2021-08-03 18:48:55 PDT
Comment on attachment 434824 [details] patch View in context: https://bugs.webkit.org/attachment.cgi?id=434824&action=review > Source/WebCore/css/CSSValue.cpp:498 > + if (isImageValue()) > return downcast<CSSImageValue>(this)->createDeprecatedCSSOMWrapper(styleDeclaration); > if (isPrimitiveValue()) Occurs to me that we could come back here and make this more obviously correct by using is<CSSImageValue>, is<CSSPrimitiveValue>, and is<CSSValueList>.
Note You need to log in before you can comment on or make changes to this bug.