From 719f1db6c9a990f00a77fe143b63c63855dbf6d9 Mon Sep 17 00:00:00 2001
From: Andreas Kling
Date: Sun, 14 May 2023 10:20:03 +0200
Subject: [PATCH] LibWeb: Protect against dereferencing a null pending image request

The spec seems to neglect the potential nullity of an image's pending request in various cases. Let's protect against crashing and mark these cases with a FIXME about figuring out whether they are really spec bugs or not.
---
 Userland/Libraries/LibWeb/HTML/HTMLImageElement.cpp | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/Userland/Libraries/LibWeb/HTML/HTMLImageElement.cpp b/Userland/Libraries/LibWeb/HTML/HTMLImageElement.cpp
index bc3e87b63b..62eac657a8 100644
--- a/Userland/Libraries/LibWeb/HTML/HTMLImageElement.cpp
+++ b/Userland/Libraries/LibWeb/HTML/HTMLImageElement.cpp
@@ -385,7 +385,10 @@ after_step_6:
 if (!url_string.is_valid()) {
 // 1. Abort the image request for the current request and the pending request.
 m_current_request->abort(realm());
- m_pending_request->abort(realm());
+
+ // FIXME: Spec bug? Seems like pending request can be null here.
+ if (m_pending_request)
+ m_pending_request->abort(realm());
 
 // 2. Set the current request's state to broken.
 m_current_request->set_state(ImageRequest::State::Broken);
@@ -415,7 +418,9 @@ after_step_6:
 // queue an element task on the DOM manipulation task source given the img element
 // to restart the animation if restart animation is set, and return.
 if (url_string == m_current_request->current_url() && m_current_request->state() == ImageRequest::State::PartiallyAvailable) {
- m_pending_request->abort(realm());
+ // FIXME: Spec bug? Seems like pending request can be null here.
+ if (m_pending_request)
+ m_pending_request->abort(realm());
 if (restart_animations) {
 queue_an_element_task(HTML::Task::Source::DOMManipulation, [this] {
 restart_the_animation();
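Review bot: The new guard in the `!url_string.is_valid()` branch covers only `m_pending_request`, while `m_current_request` is still dereferenced unchecked on the line before (`m_current_request->abort(realm());`) and again at `set_state(ImageRequest::State::Broken)`. If the current request is guaranteed non-null for the element's lifetime, the comment should say so, for example `// NOTE: Only the pending request may be null; the current request always exists.`; whether that invariant holds is not visible in this hunk. This branch is presumably reachable with a page-supplied URL, so a null dereference here would be a content-triggerable crash and the asymmetry deserves an explicit statement. The enclosing function starts and ends outside the hunk.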
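Review bot: The FIXME and `if (m_pending_request)` guard in the hunk at -415 are a verbatim copy of the pair added in the hunk at -385, and the commit message speaks of "various cases", so further copies seem likely. A small private helper that aborts the pending request only when one exists would keep the null check and a single FIXME in one place, and would make any remaining unguarded `m_pending_request->abort(...)` easy to find by search. Naming the spec step in the comment would also help whoever raises the question upstream. The `if` block and the function continue past the end of the hunk.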