Bug 228735

Summary: REGRESSION(r279050): Crash under CSSImageValue::createDeprecatedCSSOMWrapper with cursor images
Product: WebKit
Reporter: Antti Koivisto <koivisto>
Component: CSS
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: achristensen, darin, esprehn+autocc, ews-watchlist, glenn, gyuyoung.kim, macpherson, menard, mjs, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Attachments:
Description: patch
Flags: none

Description Antti Koivisto 2021-08-03 03:02:46 PDT
CSSCursorImageValue is not a CSSImageValue.
Comment 1 Antti Koivisto 2021-08-03 03:46:34 PDT
Created attachment 434824 [details]
patch
Comment 2 Maciej Stachowiak 2021-08-03 09:45:01 PDT
<rdar://81119647>
Comment 3 Radar WebKit Bug Importer 2021-08-03 09:45:15 PDT
<rdar://problem/81466490>
Comment 4 EWS 2021-08-03 09:55:04 PDT
Committed r280599 (240217@main): <https://commits.webkit.org/240217@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 434824 [details].
Comment 5 Darin Adler 2021-08-03 18:48:55 PDT
Comment on attachment 434824 [details]
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=434824&action=review

> Source/WebCore/css/CSSValue.cpp:498
> +    if (isImageValue())
>          return downcast<CSSImageValue>(this)->createDeprecatedCSSOMWrapper(styleDeclaration);
>      if (isPrimitiveValue())
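
Review bot: the `isImageValue()` guard added above the `downcast<CSSImageValue>` return uses a predicate whose name is not the type being cast to, so the cast is safe only while `isImageValue()` is true for CSSImageValue objects and nothing else; the bug description states that CSSCursorImageValue is not a CSSImageValue. Suggest making the condition test the cast's target type directly so the check and the downcast cannot drift apart, and adding a regression test that requests the CSSOM wrapper for a cursor image value, since none is visible in the quoted lines.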

Occurs to me that we could come back here and make this more obviously correct by using is<CSSImageValue>, is<CSSPrimitiveValue>, and is<CSSValueList>.