RESOLVED FIXED 221287
Null check renderers consistently in StyleImage code 
https://bugs.webkit.org/show_bug.cgi?id=221287
Summary Null check renderers consistently in StyleImage code
Darin Adler
Reported 2021-02-02 12:57:10 PST
Null check renderers consistently in StyleImage code
Attachments
Patch (23.22 KB, patch)
2021-02-02 13:20 PST, Darin Adler 		simon.fraser: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Darin Adler
Comment 1 2021-02-02 13:20:34 PST
Created attachment 419060 [details] Patch
Darin Adler
Comment 2 2021-02-02 13:58:52 PST
rdar://73356955
Darin Adler
Comment 3 2021-02-02 14:00:40 PST
Committed r272235: <https://trac.webkit.org/changeset/272235>
Said Abou-Hallawa
Comment 4 2021-02-03 11:01:08 PST
Comment on attachment 419060 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=419060&action=review > Source/WebCore/rendering/style/StyleGeneratedImage.cpp:57 > if (m_fixedSize) { An early return could make the code look better. if (!m_fixedSize) return m_containerSize; > Source/WebCore/rendering/style/StyleGeneratedImage.cpp:59 > + if (!renderer) > + return { }; This line below could also be simplified since we know after this if-statement render is not null. float deviceScaleFactor = renderer ? renderer->document().deviceScaleFactor() : 1; > Source/WebCore/rendering/style/StyleGeneratedImage.cpp:106 > bool StyleGeneratedImage::knownToBeOpaque(const RenderElement* renderer) const I think this function can take const RenderElement& also.
Darin Adler
Comment 5 2021-02-03 15:34:18 PST
Comment on attachment 419060 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=419060&action=review >> Source/WebCore/rendering/style/StyleGeneratedImage.cpp:57 >> if (m_fixedSize) { > > An early return could make the code look better. > > if (!m_fixedSize) > return m_containerSize; I agree. >> Source/WebCore/rendering/style/StyleGeneratedImage.cpp:59 >> + return { }; > > This line below could also be simplified since we know after this if-statement render is not null. > > float deviceScaleFactor = renderer ? renderer->document().deviceScaleFactor() : 1; Good point! >> Source/WebCore/rendering/style/StyleGeneratedImage.cpp:106 >> bool StyleGeneratedImage::knownToBeOpaque(const RenderElement* renderer) const > > I think this function can take const RenderElement& also. Yes, I didn’t see that before, but I looked carefully and see that now.
Antti Koivisto
Comment 6 2022-06-08 05:34:33 PDT
Comment on attachment 419060 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=419060&action=review > Source/WebCore/rendering/RenderImageResource.cpp:68 > - ASSERT(m_renderer); > - if (m_cachedImage && m_cachedImageRemoveClientIsNeeded) > - m_cachedImage->removeClient(*renderer()); > + if (m_cachedImage && m_renderer && m_cachedImageRemoveClientIsNeeded) > + m_cachedImage->removeClient(*m_renderer); > m_cachedImage = newImage; > m_cachedImageRemoveClientIsNeeded = true; > if (!m_cachedImage) I don't think this sort of random sprinkling of null tests is a good idea. Here m_renderer owns the RenderImageResource and m_renderer is a WeakPtr solely to protect against security issues (it could be CheckedPtr but renderers are already CanMakeWeakPtr). In any case where m_renderer is null, RenderImageResource is itself also likely dead and we are in a bad state. Adding null checks allows code to proceed further in bad state and makes identifying root causes from crash stacks harder.
Note You need to log in before you can comment on or make changes to this bug.