From 198bb322ef1f52d969b6a5194a1299ac3dfcc593 Mon Sep 17 00:00:00 2001
From: Andreas Kling
Date: Thu, 30 Sep 2021 02:18:30 +0200
Subject: [PATCH] LibWeb: Fix null dereference when assigning an ImageStyleValue via JS

When parsing a CSS value in the context of a CSSStyleDeclaration camelCase property setter, we don't necessarily have a Document to provide the CSS parser for context. So the parser can't go assuming that there's always a Document in the ParsingContext. And ImageStyleValue can't go assuming that there's always a Document either. This will require some more work to get things right, I'm just patching up the null dereference for now.
---
 Userland/Libraries/LibWeb/CSS/Parser/Parser.cpp | 2 +-
 Userland/Libraries/LibWeb/CSS/StyleValue.cpp | 7 ++++---
 Userland/Libraries/LibWeb/CSS/StyleValue.h | 4 ++--
 Userland/Libraries/LibWeb/HTML/HTMLBodyElement.cpp | 2 +-
 4 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/Userland/Libraries/LibWeb/CSS/Parser/Parser.cpp b/Userland/Libraries/LibWeb/CSS/Parser/Parser.cpp
index b1eb35e4dc..7092482db7 100644
--- a/Userland/Libraries/LibWeb/CSS/Parser/Parser.cpp
+++ b/Userland/Libraries/LibWeb/CSS/Parser/Parser.cpp
@@ -1727,7 +1727,7 @@ RefPtr Parser::parse_image_value(ParsingContext const& context, Styl
 {
     auto url = parse_url_function(context, component_value);
     if (url.has_value())
-        return ImageStyleValue::create(url.value(), *context.document());
+        return ImageStyleValue::create(url.value(), context.document());
     // FIXME: Handle gradients.
     return {};
diff --git a/Userland/Libraries/LibWeb/CSS/StyleValue.cpp b/Userland/Libraries/LibWeb/CSS/StyleValue.cpp
index 7e48f460f1..2960d6f30e 100644
--- a/Userland/Libraries/LibWeb/CSS/StyleValue.cpp
+++ b/Userland/Libraries/LibWeb/CSS/StyleValue.cpp
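Review bot: The `+` line now hands `context.document()` to a constructor that unconditionally starts a resource load (see the StyleValue.cpp hunk in this patch), so a null document produces a page-less fetch instead of a crash, and nothing at this call site says the null case is expected. A one-line comment above the call, `// context.document() may be null (e.g. CSSStyleDeclaration property setters); ImageStyleValue now accepts that.`, would record the contract the commit message describes. parse_image_value begins and ends outside the hunk.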
@@ -368,12 +368,13 @@ Color IdentifierStyleValue::to_color(Layout::NodeWithStyle const& node) const
     }
 }
-ImageStyleValue::ImageStyleValue(const AK::URL& url, DOM::Document& document)
+ImageStyleValue::ImageStyleValue(const AK::URL& url, DOM::Document* document)
     : StyleValue(Type::Image)
     , m_url(url)
     , m_document(document)
 {
-    auto request = LoadRequest::create_for_url_on_page(url, document.page());
+    // FIXME: This doesn't work right without a document.
+    auto request = LoadRequest::create_for_url_on_page(url, document ? document->page() : nullptr);
     set_resource(ResourceLoader::the().load_resource(Resource::Type::Image, request));
 }
@@ -383,7 +384,7 @@ void ImageStyleValue::resource_did_load()
         return;
     m_bitmap = resource()->bitmap();
     // FIXME: Do less than a full repaint if possible?
-    if (m_document->browsing_context())
+    if (m_document && m_document->browsing_context())
         m_document->browsing_context()->set_needs_display({});
 }
 }
diff --git a/Userland/Libraries/LibWeb/CSS/StyleValue.h b/Userland/Libraries/LibWeb/CSS/StyleValue.h
index 0e275546f0..4ab90d8dfc 100644
--- a/Userland/Libraries/LibWeb/CSS/StyleValue.h
+++ b/Userland/Libraries/LibWeb/CSS/StyleValue.h
@@ -897,7 +897,7 @@ class ImageStyleValue final : public StyleValue
     , public ImageResourceClient {
 public:
-    static NonnullRefPtr create(const AK::URL& url, DOM::Document& document) { return adopt_ref(*new ImageStyleValue(url, document)); }
+    static NonnullRefPtr create(const AK::URL& url, DOM::Document* document) { return adopt_ref(*new ImageStyleValue(url, document)); }
     virtual ~ImageStyleValue() override { }
     String to_string() const override { return String::formatted("Image({})", m_url.to_string()); }
@@ -905,7 +905,7 @@ public:
     const Gfx::Bitmap* bitmap() const { return m_bitmap; }
 private:
-    ImageStyleValue(const AK::URL&, DOM::Document&);
+    ImageStyleValue(const AK::URL&, DOM::Document*);
     // ^ResourceClient
     virtual void resource_did_load() override;
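Review bot: The constructor still issues the load when `document` is null; the `document ? document->page() : nullptr` line only moves the null from the constructor into LoadRequest, whose handling of a null page is not visible here, so a value created from a detached CSSStyleDeclaration now fetches the URL with none of the page context that `create_for_url_on_page` would otherwise attach. For that case consider not starting the request at all, `if (!document) return; // no page context to load against` placed before `auto request = ...`, and rewording the FIXME to say the load is skipped rather than that it "doesn't work right". Independently, `m_document` remains an unowned raw pointer: if the Document can be destroyed while a JS-held ImageStyleValue still references it, the pointer dangles and the null check added in resource_did_load (the next hunk of this file) does not help; a weak reference would express both "absent" and "gone" if Document supports one in this codebase.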
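Review bot: The `create` signature now takes `DOM::Document*` with nothing in the header saying that null is permitted, what it means, or that the pointer is stored without ownership, so a caller reading only StyleValue.h cannot distinguish a deliberate `nullptr` from a bug. A comment above the `create` line such as `// document may be null when the value is parsed outside any Document (e.g. CSSStyleDeclaration property setters). The pointer is held unowned and is dereferenced later in resource_did_load, so a non-null document must outlive this value.` would carry that contract; the same note belongs on the private constructor declaration in the following hunk.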
diff --git a/Userland/Libraries/LibWeb/HTML/HTMLBodyElement.cpp b/Userland/Libraries/LibWeb/HTML/HTMLBodyElement.cpp
index 5517f48fff..abaf4ecee1 100644
--- a/Userland/Libraries/LibWeb/HTML/HTMLBodyElement.cpp
+++ b/Userland/Libraries/LibWeb/HTML/HTMLBodyElement.cpp
@@ -55,7 +55,7 @@ void HTMLBodyElement::parse_attribute(const FlyString& name, const String& value
         if (color.has_value())
             document().set_visited_link_color(color.value());
     } else if (name.equals_ignoring_case("background")) {
-        m_background_style_value = CSS::ImageStyleValue::create(document().parse_url(value), const_cast(document()));
+        m_background_style_value = CSS::ImageStyleValue::create(document().parse_url(value), &document());
     }
 }