Bug 230605

Summary: Color keywords in override-color cause a crash
Product: WebKit Reporter: Myles C. Maxfield <mmaxfield>
Component: TextAssignee: Myles C. Maxfield <mmaxfield>
Status: RESOLVED FIXED    
Severity: Normal CC: clopez, esprehn+autocc, ews-watchlist, glenn, gyuyoung.kim, macpherson, menard, mmaxfield, sam, simon.fraser, webkit-bug-importer, youennf
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=230533
Bug Depends on:    
Bug Blocks: 230446    
Attachments:
Description Flags
WIP, as if resolution needed to be done per-element
none
Patch simon.fraser: review+, mmaxfield: commit-queue+

Description Myles C. Maxfield 2021-09-22 02:05:45 PDT 
Color keywords in override-color cause a crash
Comment 1 Radar WebKit Bug Importer 2021-09-22 02:06:22 PDT 
<rdar://problem/83389290>
Comment 2 Myles C. Maxfield 2021-09-23 21:13:11 PDT 
Looks like color keywords are idents, otherwise it's a color primitive value.
Comment 3 Myles C. Maxfield 2021-09-23 21:19:45 PDT 
    static void applyValueColor(BuilderState& builderState, CSSValue& value)
    {
        auto& primitiveValue = downcast<CSSPrimitiveValue>(value);
        if (primitiveValue.valueID() == CSSValueCurrentcolor) {
            applyInheritColor(builderState);
            return;
        }
        if (builderState.applyPropertyToRegularStyle())
            builderState.style().setColor(builderState.colorFromPrimitiveValue(primitiveValue, ForVisitedLink::No));
        if (builderState.applyPropertyToVisitedLinkStyle())
            builderState.style().setVisitedLinkColor(builderState.colorFromPrimitiveValue(primitiveValue, ForVisitedLink::Yes));
    }



- and -



Color BuilderState::colorFromPrimitiveValue(const CSSPrimitiveValue& value, ForVisitedLink forVisitedLink) const
{
    if (value.isRGBColor())
        return value.color();

    auto identifier = value.valueID();
    switch (identifier) {
    case CSSValueWebkitText:
        return document().textColor();
    case CSSValueWebkitLink:
        return (element() && element()->isLink() && forVisitedLink == ForVisitedLink::Yes) ? document().visitedLinkColor() : document().linkColor();
    case CSSValueWebkitActivelink:
        return document().activeLinkColor();
    case CSSValueWebkitFocusRingColor:
        return RenderTheme::singleton().focusRingColor(document().styleColorOptions(&m_style));
    case CSSValueCurrentcolor:
        return RenderStyle::currentColor();
    default:
        return StyleColor::colorFromKeyword(identifier, document().styleColorOptions(&m_style));
    }
}
Comment 4 Myles C. Maxfield 2021-09-23 23:11:10 PDT 
See: https://github.com/w3c/csswg-drafts/issues/6680
Comment 5 Myles C. Maxfield 2021-09-23 23:48:02 PDT 
Created attachment 439129 [details]
WIP, as if resolution needed to be done per-element
Comment 6 Myles C. Maxfield 2021-09-24 00:39:05 PDT 
Created attachment 439131 [details]
Patch
Comment 7 EWS Watchlist 2021-09-24 00:40:33 PDT 
This patch modifies the imported WPT tests. Please ensure that any changes on the tests (not coming from a WPT import) are exported to WPT. Please see https://trac.webkit.org/wiki/WPTExportProcess
Comment 8 Myles C. Maxfield 2021-09-24 13:12:31 PDT 
Committed r283053 (242113@main): <https://commits.webkit.org/242113@main>