Bug 291540

Summary:	Web Content Process crashes on model element creation when calling contentSize()
Product:	WebKit	Reporter:	Aleksei Marchenko <aleksei>
Component:	New Bugs	Assignee:	Nobody <webkit-unassigned>
Status:	RESOLVED FIXED
Severity:	Normal	CC:	webkit-bug-importer
Priority:	P1	Keywords:	InRadar
Version:	Other
Hardware:	Unspecified
OS:	Unspecified

Aleksei Marchenko

Reported 2025-04-14 15:28:31 PDT

The problem happens because HTMLModelElement::contentSize() assume that renderer() is always available but it is not the case. We need to validate the renderer before asking for size.

Attachments
Add attachment proposed patch, testcase, etc.

Aleksei Marchenko

Comment 1 2025-04-14 16:15:53 PDT

<rdar://problem/149030547>

Aleksei Marchenko

Comment 2 2025-04-14 16:16:10 PDT

Pull request: https://github.com/WebKit/WebKit/pull/44074

EWS

Comment 3 2025-04-15 13:16:09 PDT

Committed 293725@main (026d4a3a9764): <https://commits.webkit.org/293725@main> Reviewed commits have been landed. Closing PR #44074 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.