Bug 231794 - Avoid null pointer dereference when creating ImageBitmap from a null image
Summary: Avoid null pointer dereference when creating ImageBitmap from a null image
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Duplicates: 236622
Depends on:
Blocks:
 
Reported: 2021-10-14 21:40 PDT by John Cunningham
Modified: 2022-02-18 14:51 PST
CC List: 9 users

See Also:


Attachments
Patch (2.45 KB, patch)
2021-10-14 21:43 PDT, John Cunningham
Patch (4.84 KB, patch)
2021-10-19 20:14 PDT, John Cunningham
Patch (4.84 KB, patch)
2021-10-19 20:29 PDT, John Cunningham

Description John Cunningham 2021-10-14 21:40:02 PDT
Reject createImageBitmap request earlier if the image is null. Also, check that the native image is nonnull when requesting the colorspace, otherwise, return a default of SRGB.
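The two checks the description mentions, as an added, self-contained C++ illustration (this is not WebKit's code; the `Image`, `NativeImage`, `ColorSpace` and `createImageBitmap` names and shapes are stand-ins chosen for the example): the request is rejected early when the image is null, and the colour space query falls back to sRGB when the native image has not been decoded yet instead of dereferencing a null pointer.

```cpp
#include <cassert>
#include <memory>
#include <iostream>

// Stand-ins for the real WebKit types (assumption: not WebKit's actual API).
enum class ColorSpace { SRGB, DisplayP3 };

struct NativeImage {
    ColorSpace colorSpace;
};

struct Image {
    // May be null, e.g. the image has not been decoded yet.
    std::shared_ptr<NativeImage> nativeImage;
};

// Pre-fix shape of the colour-space query: dereferences nativeImage unconditionally.
// Calling this with a null native image is undefined behaviour; kept only for contrast.
ColorSpace colorSpaceUnchecked(const Image& image)
{
    return image.nativeImage->colorSpace;
}

// Post-fix shape: a missing native image yields the sRGB default instead of a crash.
ColorSpace colorSpaceChecked(const Image& image)
{
    if (!image.nativeImage)
        return ColorSpace::SRGB;
    return image.nativeImage->colorSpace;
}

// Outcome of a createImageBitmap request: either the promise is rejected early,
// or a bitmap with a resolved colour space is produced.
struct BitmapResult {
    bool rejected;
    ColorSpace colorSpace;
};

BitmapResult createImageBitmap(const Image* image)
{
    if (!image)
        return { true, ColorSpace::SRGB }; // reject before touching any image state
    return { false, colorSpaceChecked(*image) };
}

// Constructed sample inputs for the example.
const Image kUndecodedImage { nullptr };
const Image kDisplayP3Image { std::make_shared<NativeImage>(NativeImage { ColorSpace::DisplayP3 }) };

int main()
{
    assert(createImageBitmap(nullptr).rejected);
    assert(createImageBitmap(&kUndecodedImage).colorSpace == ColorSpace::SRGB);
    assert(createImageBitmap(&kDisplayP3Image).colorSpace == ColorSpace::DisplayP3);
    std::cout << "null image rejected; undecoded image defaults to sRGB\n";
    return 0;
}
```

The unchecked variant is the one a fuzzer or a page calling `createImageBitmap` on a not-yet-decoded image would crash; the checked variant turns that into a well-defined default, which is the behaviour the description asks for.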
Comment 1 John Cunningham 2021-10-14 21:43:50 PDT
Created attachment 441331 [details]
Patch
Comment 2 John Cunningham 2021-10-14 21:43:53 PDT
<rdar://problem/83829802>
Comment 3 Cameron McCormack (:heycam) 2021-10-14 21:51:42 PDT
Comment on attachment 441331 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=441331&action=review

Non-reviewer r=me.

> Source/WebCore/ChangeLog:3
> +        Reject createImageBitmap request earlier if the image is null. Also, fix a null ptr deref by checking that the native image is nonnull when requesting the colorspace, otherwise, return a default of SRGB.

Nit: Two sentences is a bit long for this line. :-) I would mention the more important fix here like "Avoid null pointer dereference when creating ImageBitmap from a null image", and then put the details about defaulting to sRGB and rejecting the promise earlier below, just below the "Reviewed by" line.
Comment 4 Said Abou-Hallawa 2021-10-18 20:31:33 PDT
Comment on attachment 441331 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=441331&action=review

r=me based on Cameron's review.

>> Source/WebCore/ChangeLog:3
>> +        Reject createImageBitmap request earlier if the image is null. Also, fix a null ptr deref by checking that the native image is nonnull when requesting the colorspace, otherwise, return a default of SRGB.
> 
> Nit: Two sentences is a bit long for this line. :-) I would mention the more important fix here like "Avoid null pointer dereference when creating ImageBitmap from a null image", and then put the details about defaulting to sRGB and rejecting the promise earlier below, just below the "Reviewed by" line.

Yes please change it to the shorter description.

> Source/WebCore/ChangeLog:9
> +        No new tests (OOPS!).

This line should be removed before committing. It will be great if we can get a layout test though.
Comment 5 John Cunningham 2021-10-19 20:14:50 PDT
Created attachment 441838 [details]
Patch
Comment 6 John Cunningham 2021-10-19 20:29:11 PDT
Created attachment 441840 [details]
Patch
Comment 7 EWS 2021-10-20 01:09:02 PDT
Committed r284522 (243265@main): <https://commits.webkit.org/243265@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 441840 [details].
Comment 8 Alexey Proskuryakov 2022-02-18 14:51:38 PST
*** Bug 236622 has been marked as a duplicate of this bug. ***