291540 – Web Content Process crashes on model element creation when calling contentSize()

RESOLVED FIXED291540

Web Content Process crashes on model element creation when calling contentSize()

https://bugs.webkit.org/show_bug.cgi?id=291540

Summary Web Content Process crashes on model element creation when calling contentSize()

Aleksei Marchenko

Reported 2025-04-14 15:28:31 PDT

The problem happens because HTMLModelElement::contentSize() assume that renderer() is always available but it is not the case. We need to validate the renderer before asking for size.

Attachments
Add attachment proposed patch, testcase, etc.

Aleksei Marchenko

Comment 1 2025-04-14 16:15:53 PDT

<rdar://problem/149030547>

Aleksei Marchenko

Comment 2 2025-04-14 16:16:10 PDT

Pull request: https://github.com/WebKit/WebKit/pull/44074

EWS

Comment 3 2025-04-15 13:16:09 PDT

Committed 293725@main (026d4a3a9764): <https://commits.webkit.org/293725@main> Reviewed commits have been landed. Closing PR #44074 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P1

Severity Normal

Classification Unclassified

Version Other

Hardware Unspecified

OS Unspecified

Product WebKit

Component New Bugs

Assignee

Nobody

Reported

2025-04-14 15:28 PDT

Modified

2025-04-15 13:16 PDT History

CC List

1 user Show

URL

Keywords InRadar

Depends on

Blocks