From 2b269d4a495009871438a70737162056af6995dc Mon Sep 17 00:00:00 2001
From: Matthew Olsson <matthewcolsson@gmail.com>
Date: Tue, 25 Apr 2023 18:29:13 -0700
Subject: [PATCH] LibWeb: Fix a blatant nullptr dereference in
 ReadableStreamGenericReader

---
 .../LibWeb/Streams/ReadableStreamDefaultReader.cpp     |  1 +
 .../LibWeb/Streams/ReadableStreamGenericReader.cpp     | 10 +++++++---
 .../LibWeb/Streams/ReadableStreamGenericReader.h       |  4 ++++
 3 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/Userland/Libraries/LibWeb/Streams/ReadableStreamDefaultReader.cpp b/Userland/Libraries/LibWeb/Streams/ReadableStreamDefaultReader.cpp
index fed654546f..443a12f52c 100644
--- a/Userland/Libraries/LibWeb/Streams/ReadableStreamDefaultReader.cpp
+++ b/Userland/Libraries/LibWeb/Streams/ReadableStreamDefaultReader.cpp
@@ -32,6 +32,7 @@ WebIDL::ExceptionOr<JS::NonnullGCPtr<ReadableStreamDefaultReader>> ReadableStrea
 
 ReadableStreamDefaultReader::ReadableStreamDefaultReader(JS::Realm& realm)
     : Bindings::PlatformObject(realm)
+    , ReadableStreamGenericReaderMixin(realm)
 {
 }
 
diff --git a/Userland/Libraries/LibWeb/Streams/ReadableStreamGenericReader.cpp b/Userland/Libraries/LibWeb/Streams/ReadableStreamGenericReader.cpp
index 3679f85dc2..56824f0b70 100644
--- a/Userland/Libraries/LibWeb/Streams/ReadableStreamGenericReader.cpp
+++ b/Userland/Libraries/LibWeb/Streams/ReadableStreamGenericReader.cpp
@@ -26,9 +26,8 @@ WebIDL::ExceptionOr<JS::NonnullGCPtr<JS::Promise>> ReadableStreamGenericReaderMi
 {
     // 1. If this.[[stream]] is undefined, return a promise rejected with a TypeError exception.
     if (!m_stream) {
-        auto& realm = stream()->realm();
-        auto exception = MUST_OR_THROW_OOM(JS::TypeError::create(realm, "No stream present to cancel"sv));
-        auto promise_capability = WebIDL::create_rejected_promise(realm, exception);
+        auto exception = MUST_OR_THROW_OOM(JS::TypeError::create(m_realm, "No stream present to cancel"sv));
+        auto promise_capability = WebIDL::create_rejected_promise(m_realm, exception);
         return JS::NonnullGCPtr { verify_cast<JS::Promise>(*promise_capability->promise().ptr()) };
     }
 
@@ -37,6 +36,11 @@ WebIDL::ExceptionOr<JS::NonnullGCPtr<JS::Promise>> ReadableStreamGenericReaderMi
     return JS::NonnullGCPtr { verify_cast<JS::Promise>(*promise_capability->promise().ptr()) };
 }
 
+ReadableStreamGenericReaderMixin::ReadableStreamGenericReaderMixin(JS::Realm& realm)
+    : m_realm(realm)
+{
+}
+
 void ReadableStreamGenericReaderMixin::visit_edges(JS::Cell::Visitor& visitor)
 {
     visitor.visit(m_closed_promise);
diff --git a/Userland/Libraries/LibWeb/Streams/ReadableStreamGenericReader.h b/Userland/Libraries/LibWeb/Streams/ReadableStreamGenericReader.h
index 2934c18724..bfca9f5ceb 100644
--- a/Userland/Libraries/LibWeb/Streams/ReadableStreamGenericReader.h
+++ b/Userland/Libraries/LibWeb/Streams/ReadableStreamGenericReader.h
@@ -32,6 +32,8 @@ public:
     virtual bool is_default_reader() const { return false; }
 
 protected:
+    explicit ReadableStreamGenericReaderMixin(JS::Realm&);
+
     void visit_edges(JS::Cell::Visitor&);
 
     // https://streams.spec.whatwg.org/#readablestreamgenericreader-closedpromise
@@ -41,6 +43,8 @@ protected:
     // https://streams.spec.whatwg.org/#readablestreamgenericreader-stream
     // A ReadableStream instance that owns this reader
     JS::GCPtr<ReadableStream> m_stream;
+
+    JS::Realm& m_realm;
 };
 
 }