Bug 230605

Summary: Color keywords in override-color cause a crash
Product: WebKit Reporter: Myles C. Maxfield <mmaxfield>
Component: TextAssignee: Myles C. Maxfield <mmaxfield>
Status: RESOLVED FIXED    
Severity: Normal CC: clopez, esprehn+autocc, ews-watchlist, glenn, gyuyoung.kim, macpherson, menard, mmaxfield, sam, simon.fraser, webkit-bug-importer, youennf
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=230533
Bug Depends on:    
Bug Blocks: 230446    
Attachments:
Description Flags
WIP, as if resolution needed to be done per-element
none
Patch simon.fraser: review+, mmaxfield: commit-queue+

Myles C. Maxfield
Reported 2021-09-22 02:05:45 PDT
Color keywords in override-color cause a crash
Attachments
WIP, as if resolution needed to be done per-element (11.03 KB, patch)
2021-09-23 23:48 PDT, Myles C. Maxfield 		no flags
DetailsFormatted DiffDiff
Patch (7.99 KB, patch)
2021-09-24 00:39 PDT, Myles C. Maxfield 		simon.fraser: review+
mmaxfield: commit-queue+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2021-09-22 02:06:22 PDT
<rdar://problem/83389290>
Myles C. Maxfield
Comment 2 2021-09-23 21:13:11 PDT
Looks like color keywords are idents, otherwise it's a color primitive value.
Myles C. Maxfield
Comment 3 2021-09-23 21:19:45 PDT
static void applyValueColor(BuilderState& builderState, CSSValue& value) { auto& primitiveValue = downcast<CSSPrimitiveValue>(value); if (primitiveValue.valueID() == CSSValueCurrentcolor) { applyInheritColor(builderState); return; } if (builderState.applyPropertyToRegularStyle()) builderState.style().setColor(builderState.colorFromPrimitiveValue(primitiveValue, ForVisitedLink::No)); if (builderState.applyPropertyToVisitedLinkStyle()) builderState.style().setVisitedLinkColor(builderState.colorFromPrimitiveValue(primitiveValue, ForVisitedLink::Yes)); } - and - Color BuilderState::colorFromPrimitiveValue(const CSSPrimitiveValue& value, ForVisitedLink forVisitedLink) const { if (value.isRGBColor()) return value.color(); auto identifier = value.valueID(); switch (identifier) { case CSSValueWebkitText: return document().textColor(); case CSSValueWebkitLink: return (element() && element()->isLink() && forVisitedLink == ForVisitedLink::Yes) ? document().visitedLinkColor() : document().linkColor(); case CSSValueWebkitActivelink: return document().activeLinkColor(); case CSSValueWebkitFocusRingColor: return RenderTheme::singleton().focusRingColor(document().styleColorOptions(&m_style)); case CSSValueCurrentcolor: return RenderStyle::currentColor(); default: return StyleColor::colorFromKeyword(identifier, document().styleColorOptions(&m_style)); } }
Myles C. Maxfield
Comment 4 2021-09-23 23:11:10 PDT
See: https://github.com/w3c/csswg-drafts/issues/6680
Myles C. Maxfield
Comment 5 2021-09-23 23:48:02 PDT
Created attachment 439129 [details] WIP, as if resolution needed to be done per-element
Myles C. Maxfield
Comment 6 2021-09-24 00:39:05 PDT
Created attachment 439131 [details] Patch
EWS Watchlist
Comment 7 2021-09-24 00:40:33 PDT
This patch modifies the imported WPT tests. Please ensure that any changes on the tests (not coming from a WPT import) are exported to WPT. Please see https://trac.webkit.org/wiki/WPTExportProcess
Myles C. Maxfield
Comment 8 2021-09-24 13:12:31 PDT
Committed r283053 (242113@main): <https://commits.webkit.org/242113@main>
Note You need to log in before you can comment on or make changes to this bug.