RESOLVED FIXED Bug 180386
Check Image::m_image is not null in ImageLoader::decode() 
https://bugs.webkit.org/show_bug.cgi?id=180386
Summary Check Image::m_image is not null in ImageLoader::decode()
Said Abou-Hallawa
Reported 2017-12-04 16:50:43 PST
The HTMLImageElement can be set to a non empty image source URL but the ImageLoader::updateFromElement() makes an early return before creating a CachedImage. If ImageLoader::decode() is called in this case, ImageLoader::m_image will be null and a crash will happen.
Attachments
Patch (1.37 KB, patch)
2017-12-04 16:55 PST, Said Abou-Hallawa 		no flags
DetailsFormatted DiffDiff
Patch (3.85 KB, patch)
2018-01-08 20:26 PST, Said Abou-Hallawa 		no flags
DetailsFormatted DiffDiff
test case: decoding an image with an invalid URL (will crash) (207 bytes, text/html)
2018-01-08 20:28 PST, Said Abou-Hallawa 		no flags
Details
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Said Abou-Hallawa
Comment 1 2017-12-04 16:51:17 PST
<rdar://problem/34634483>
Said Abou-Hallawa
Comment 2 2017-12-04 16:55:31 PST
Created attachment 328414 [details] Patch
Tim Horton
Comment 3 2017-12-08 14:50:51 PST
Comment on attachment 328414 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=328414&action=review > Source/WebCore/ChangeLog:8 > + Ensure ImageLoader::m_image is not null before referencing it. Did this regress? Do you know when? Do you know how to reproduce? Can you write a test?
Simon Fraser (smfr)
Comment 4 2017-12-08 15:45:08 PST
Comment on attachment 328414 [details] Patch Yeah, this needs a test.
Said Abou-Hallawa
Comment 5 2018-01-08 20:26:51 PST
Created attachment 330788 [details] Patch
Said Abou-Hallawa
Comment 6 2018-01-08 20:28:19 PST
Created attachment 330789 [details] test case: decoding an image with an invalid URL (will crash)
WebKit Commit Bot
Comment 7 2018-01-09 08:44:48 PST
Comment on attachment 330788 [details] Patch Clearing flags on attachment: 330788 Committed r226638: <https://trac.webkit.org/changeset/226638>
WebKit Commit Bot
Comment 8 2018-01-09 08:44:50 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.