RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-31 18:18:12 +00:00
Code Issues Activity Actions

LibWeb/CSS: Remove nullpointer dereference in Parser

Browse source 
On platinenmacher.tech there is a document without a window. During
size attribute parsing the window pointer is dereferenced which
causes a crash. This checks for the window to be actually there
before dereferencing.
This commit is contained in:
Bastian Neumann 2024-01-07 16:38:09 +01:00 committed by Sam Atkins
parent 343d6b001f
commit 7d63b8b95f
2 changed files with 3 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

3
Userland/Libraries/LibWeb/CSS/Parser/Parser.cpp
View file

@ -6648,7 +6648,8 @@ LengthOrCalculated Parser::Parser::parse_as_sizes_attribute()
// If it does not parse correctly, or it does parse correctly but the <media-condition> evaluates to false, continue.
TokenStream<ComponentValue> token_stream { unparsed_size };
auto media_condition = parse_media_condition(token_stream, MediaCondition::AllowOr::Yes);
if (media_condition && media_condition->evaluate(*m_context.window()) == MatchResult::True) {
auto context_window = m_context.window();
if (context_window && media_condition && media_condition->evaluate(*context_window) == MatchResult::True) {
return size.value();
} else {
continue;