Bug 180386 - Check Image::m_image is not null in ImageLoader::decode()
Summary: Check Image::m_image is not null in ImageLoader::decode()
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Images
Version: WebKit Nightly Build
Hardware: Unspecified (OS: Unspecified)
Importance: P2 Normal
Assignee: Said Abou-Hallawa
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2017-12-04 16:50 PST by Said Abou-Hallawa
Modified: 2018-01-09 08:44 PST
CC List: 8 users

See Also:


Attachments
Patch (1.37 KB, patch), 2017-12-04 16:55 PST, Said Abou-Hallawa, no flags
Patch (3.85 KB, patch), 2018-01-08 20:26 PST, Said Abou-Hallawa, no flags
test case: decoding an image with an invalid URL (will crash) (207 bytes, text/html), 2018-01-08 20:28 PST, Said Abou-Hallawa, no flags

Description Said Abou-Hallawa 2017-12-04 16:50:43 PST
The HTMLImageElement can be set to a non-empty image source URL, but ImageLoader::updateFromElement() makes an early return before creating a CachedImage. If ImageLoader::decode() is called in this case, ImageLoader::m_image will be null and a crash will happen.
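The sequence the description above outlines, modelled as an added example in C++; this is not WebKit's source. CachedImage, ImageElement, ImageLoader and the member name m_image are kept as they appear in the bug, while isAcceptableImageURL(), decodeUnchecked(), DecodeResult and demonstrateInvalidURLDecode() are stand-ins assumed for the model, as is the rule that decides which URLs trigger the early return. decodeUnchecked() is the pattern that crashes (unconditional dereference of m_image); decode() is the hardened form that reports failure instead, standing in for rejecting the decode promise.

```cpp
// Added example (not WebKit source): a minimal model of the ImageLoader
// state described in the bug. Type and function names are stand-ins.
#include <memory>
#include <string>

// Stand-in for WebCore::CachedImage: just records the URL it was created for.
struct CachedImage {
    std::string url;
    bool decode() const { return true; }   // assume the bytes decode fine
};

// Stand-in for the element: only the source URL matters here.
struct ImageElement {
    std::string src;
};

// Hypothetical acceptance check playing the role of the loader's URL
// validation (an assumption of this model): a known scheme and no
// embedded whitespace.
static bool isAcceptableImageURL(const std::string& url)
{
    if (url.find_first_of(" \t\r\n") != std::string::npos)
        return false;
    return url.rfind("http://", 0) == 0 || url.rfind("https://", 0) == 0
        || url.rfind("data:", 0) == 0;
}

class ImageLoader {
public:
    enum class DecodeResult { Rejected, Decoded };

    explicit ImageLoader(const ImageElement& element) : m_element(element) { }

    // Models ImageLoader::updateFromElement(): an empty source clears the
    // image; an unusable source returns early before any CachedImage is
    // created, so m_image is left null even though src is non-empty.
    void updateFromElement()
    {
        if (m_element.src.empty()) {
            m_image.reset();
            return;
        }
        if (!isAcceptableImageURL(m_element.src))
            return;                         // early return: m_image stays null
        m_image = std::make_unique<CachedImage>(CachedImage { m_element.src });
    }

    // The pattern the bug describes: m_image is dereferenced unconditionally,
    // so after the early return above this is a null-pointer dereference.
    bool decodeUnchecked() { return m_image->decode(); }

    // The hardened form: treat "no CachedImage" as a decode failure (in WebKit
    // the decode() promise would be rejected) instead of touching a null pointer.
    DecodeResult decode()
    {
        if (!m_image)
            return DecodeResult::Rejected;
        return m_image->decode() ? DecodeResult::Decoded : DecodeResult::Rejected;
    }

    bool hasImage() const { return m_image != nullptr; }

private:
    const ImageElement& m_element;
    std::unique_ptr<CachedImage> m_image;
};

// Drives the invalid-URL path; returns true when the hardened decode handles
// it without dereferencing a null image.
bool demonstrateInvalidURLDecode()
{
    ImageElement bad { "not a url" };   // constructed sample: non-empty but unusable
    ImageLoader loader(bad);
    loader.updateFromElement();         // early return, m_image == nullptr
    // loader.decodeUnchecked() would crash here.
    return !loader.hasImage() && loader.decode() == ImageLoader::DecodeResult::Rejected;
}
```

The check that matters is the single `if (!m_image)` at the top of decode(): every caller that can reach decode() after updateFromElement() returned early must see a defined failure rather than a dereference, which is also what makes the crashing case testable from a page.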
Comment 1 Said Abou-Hallawa 2017-12-04 16:51:17 PST
<rdar://problem/34634483>
Comment 2 Said Abou-Hallawa 2017-12-04 16:55:31 PST
Created attachment 328414
Patch
Comment 3 Tim Horton 2017-12-08 14:50:51 PST
Comment on attachment 328414
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=328414&action=review

> Source/WebCore/ChangeLog:8
> +        Ensure ImageLoader::m_image is not null before referencing it.

Did this regress? Do you know when? Do you know how to reproduce? Can you write a test?
Comment 4 Simon Fraser (smfr) 2017-12-08 15:45:08 PST
Comment on attachment 328414
Patch

Yeah, this needs a test.
Comment 5 Said Abou-Hallawa 2018-01-08 20:26:51 PST
Created attachment 330788
Patch
Comment 6 Said Abou-Hallawa 2018-01-08 20:28:19 PST
Created attachment 330789
test case: decoding an image with an invalid URL (will crash)
Comment 7 WebKit Commit Bot 2018-01-09 08:44:48 PST
Comment on attachment 330788
Patch

Clearing flags on attachment: 330788

Committed r226638: <https://trac.webkit.org/changeset/226638>
Comment 8 WebKit Commit Bot 2018-01-09 08:44:50 PST
All reviewed patches have been landed. Closing bug.