From 8f0b7fa370669f5750d1e3a6d9b26a6fe6eb5655 Mon Sep 17 00:00:00 2001
From: Timothy Flynn
Date: Thu, 27 Apr 2023 09:03:49 -0400
Subject: [PATCH] LibWeb: Verify that a node has styled properties in its styled accessors
For example, it's possible to access Node::computed_values() on a node that neither has style nor a parent with style. This ultimately results in a null pointer dereference when we return parent()->computed_values() as a fallback. This can be a little tricky to track down due to these functions being inlined, so add an explicit verification.
---
 Userland/Libraries/LibWeb/Layout/Node.h | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/Userland/Libraries/LibWeb/Layout/Node.h b/Userland/Libraries/LibWeb/Layout/Node.h
index 1022f2bfc9..f5b69f0d92 100644
--- a/Userland/Libraries/LibWeb/Layout/Node.h
+++ b/Userland/Libraries/LibWeb/Layout/Node.h
@@ -71,6 +71,7 @@ public:
 DeprecatedString debug_description() const;
 bool has_style() const { return m_has_style; }
+ bool has_style_or_parent_with_style() const;
 virtual bool can_have_children() const { return true; }
@@ -233,8 +234,15 @@ private:
 template<>
 inline bool Node::fast_is() const { return is_node_with_style_and_box_model_metrics(); }
+inline bool Node::has_style_or_parent_with_style() const
+{
+ return m_has_style || (parent() != nullptr && parent()->has_style_or_parent_with_style());
+}
+
 inline Gfx::Font const& Node::font() const
 {
+ VERIFY(has_style_or_parent_with_style());
+
 if (m_has_style)
 return static_cast(this)->font();
 return parent()->font();
@@ -247,6 +255,8 @@ inline Gfx::Font const& Node::scaled_font(PaintContext& context) const
 inline const CSS::ImmutableComputedValues& Node::computed_values() const
 {
+ VERIFY(has_style_or_parent_with_style());
+
 if (m_has_style)
 return static_cast(this)->computed_values();
 return parent()->computed_values();
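Review bot: has_style_or_parent_with_style() joins the public section of Node without a comment, and its name understates what it checks: the definition later in this patch recurses through parent(), so any styled ancestor satisfies it, not only the direct parent. Since font(), computed_values() and line_height() now VERIFY it, the declaration is the place to state that precondition, for example `// True if this node or any ancestor has style; font(), computed_values() and line_height() VERIFY this before falling back to parent().`. Callers that can hold a node outside a styled subtree could then test it themselves instead of reaching the assertion.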
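Review bot: The VERIFY added to font() walks the entire ancestor chain, but the fallback `parent()->font()` appears to re-enter Node::font() on the parent and repeat the walk from there, so a run of style-less ancestors is checked once per level; computed_values() and line_height() in the following hunks have the same shape. The dereference being protected only needs the immediate parent, so `VERIFY(m_has_style || parent() != nullptr);` in each accessor would give the same abort-instead-of-null-dereference guarantee at constant cost per level. If the full-chain check is intentional so that the failure fires at the outermost call, a one-line comment above the VERIFY saying so would keep it from being simplified away later. The accessor bodies close outside the hunks.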
@@ -254,6 +264,8 @@ inline const CSS::ImmutableComputedValues& Node::computed_values() const
 inline CSSPixels Node::line_height() const
 {
+ VERIFY(has_style_or_parent_with_style());
+
 if (m_has_style)
 return static_cast(this)->line_height();
 return parent()->line_height();