LibWeb: Fix null dereference when assigning an ImageStyleValue via JS

When parsing a CSS value in the context of a CSSStyleDeclaration camelCase property setter, we don't necessarily have a Document to provide the CSS parser for context. So the parser can't go assuming that there's always a Document in the ParsingContext. And ImageStyleValue can't go assuming that there's always a Document either. This will require some more work to get things right, I'm just patching up the null dereference for now.
2025-10-31 14:32:46 +00:00 · 2021-09-30 02:18:30 +02:00 · 2021-09-30 02:18:30 +02:00 · 198bb322ef
commit 198bb322ef
parent 3006e15c94
4 changed files with 8 additions and 7 deletions
--- a/Userland/Libraries/LibWeb/CSS/Parser/Parser.cpp
+++ b/Userland/Libraries/LibWeb/CSS/Parser/Parser.cpp
@ -1727,7 +1727,7 @@ RefPtr<StyleValue> Parser::parse_image_value(ParsingContext const& context, Styl
 {
    auto url = parse_url_function(context, component_value);
    if (url.has_value())
-        return ImageStyleValue::create(url.value(), *context.document());
+        return ImageStyleValue::create(url.value(), context.document());
    // FIXME: Handle gradients.
    return {};
--- a/Userland/Libraries/LibWeb/CSS/StyleValue.cpp
+++ b/Userland/Libraries/LibWeb/CSS/StyleValue.cpp
@ -368,12 +368,13 @@ Color IdentifierStyleValue::to_color(Layout::NodeWithStyle const& node) const
    }
 }
-ImageStyleValue::ImageStyleValue(const AK::URL& url, DOM::Document& document)
+ImageStyleValue::ImageStyleValue(const AK::URL& url, DOM::Document* document)
    : StyleValue(Type::Image)
    , m_url(url)
    , m_document(document)
 {
-    auto request = LoadRequest::create_for_url_on_page(url, document.page());
+    // FIXME: This doesn't work right without a document.
    auto request = LoadRequest::create_for_url_on_page(url, document ? document->page() : nullptr);
    set_resource(ResourceLoader::the().load_resource(Resource::Type::Image, request));
 }
@ -383,7 +384,7 @@ void ImageStyleValue::resource_did_load()
        return;
    m_bitmap = resource()->bitmap();
    // FIXME: Do less than a full repaint if possible?
-    if (m_document->browsing_context())
+    if (m_document && m_document->browsing_context())
        m_document->browsing_context()->set_needs_display({});
 }
 }
--- a/Userland/Libraries/LibWeb/CSS/StyleValue.h
+++ b/Userland/Libraries/LibWeb/CSS/StyleValue.h
@ -897,7 +897,7 @@ class ImageStyleValue final
    : public StyleValue
    , public ImageResourceClient {
 public:
-    static NonnullRefPtr<ImageStyleValue> create(const AK::URL& url, DOM::Document& document) { return adopt_ref(*new ImageStyleValue(url, document)); }
+    static NonnullRefPtr<ImageStyleValue> create(const AK::URL& url, DOM::Document* document) { return adopt_ref(*new ImageStyleValue(url, document)); }
    virtual ~ImageStyleValue() override { }
    String to_string() const override { return String::formatted("Image({})", m_url.to_string()); }
@ -905,7 +905,7 @@ public:
    const Gfx::Bitmap* bitmap() const { return m_bitmap; }
 private:
-    ImageStyleValue(const AK::URL&, DOM::Document&);
+    ImageStyleValue(const AK::URL&, DOM::Document*);
    // ^ResourceClient
    virtual void resource_did_load() override;
--- a/Userland/Libraries/LibWeb/HTML/HTMLBodyElement.cpp
+++ b/Userland/Libraries/LibWeb/HTML/HTMLBodyElement.cpp
@ -55,7 +55,7 @@ void HTMLBodyElement::parse_attribute(const FlyString& name, const String& value
        if (color.has_value())
            document().set_visited_link_color(color.value());
    } else if (name.equals_ignoring_case("background")) {
-        m_background_style_value = CSS::ImageStyleValue::create(document().parse_url(value), const_cast<DOM::Document&>(document()));
+        m_background_style_value = CSS::ImageStyleValue::create(document().parse_url(value), &document());
    }
 }