Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(359)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/core/css/CSSCursorImageValue.cpp

Issue 1607733004: Fix crash when using disallowed URLs in image sets for content CSS property (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « third_party/WebKit/LayoutTests/fast/css/content-image-set-disallowed-url-crash.html ('k') | third_party/WebKit/Source/core/css/CSSImageSetValue.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2006 Rob Buis <buis@kde.org> 2 * Copyright (C) 2006 Rob Buis <buis@kde.org>
3 * (C) 2008 Nikolas Zimmermann <zimmermann@kde.org> 3 * (C) 2008 Nikolas Zimmermann <zimmermann@kde.org>
4 * Copyright (C) 2008 Apple Inc. All rights reserved. 4 * Copyright (C) 2008 Apple Inc. All rights reserved.
5 * 5 *
6 * This library is free software; you can redistribute it and/or 6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Library General Public 7 * modify it under the terms of the GNU Library General Public
8 * License as published by the Free Software Foundation; either 8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version. 9 * version 2 of the License, or (at your option) any later version.
10 * 10 *
(...skipping 110 matching lines...) Expand 10 before | Expand all | Expand 10 after
121 if (m_imageValue->isImageSetValue()) 121 if (m_imageValue->isImageSetValue())
122 return toCSSImageSetValue(*m_imageValue).isCachePending(deviceScaleFacto r); 122 return toCSSImageSetValue(*m_imageValue).isCachePending(deviceScaleFacto r);
123 return m_isCachePending; 123 return m_isCachePending;
124 } 124 }
125 125
126 StyleImage* CSSCursorImageValue::cachedImage(float deviceScaleFactor) const 126 StyleImage* CSSCursorImageValue::cachedImage(float deviceScaleFactor) const
127 { 127 {
128 ASSERT(!isCachePending(deviceScaleFactor)); 128 ASSERT(!isCachePending(deviceScaleFactor));
129 129
130 if (m_imageValue->isImageSetValue()) 130 if (m_imageValue->isImageSetValue())
131 return toCSSImageSetValue(*m_imageValue).cachedImageSet(deviceScaleFacto r); 131 return toCSSImageSetValue(*m_imageValue).cachedImage(deviceScaleFactor);
132 return m_cachedImage.get(); 132 return m_cachedImage.get();
133 } 133 }
134 134
135 StyleImage* CSSCursorImageValue::cacheImage(Document* document, float deviceScal eFactor) 135 StyleImage* CSSCursorImageValue::cacheImage(Document* document, float deviceScal eFactor)
136 { 136 {
137 if (m_imageValue->isImageSetValue()) 137 if (m_imageValue->isImageSetValue())
138 return toCSSImageSetValue(*m_imageValue).cacheImageSet(document, deviceS caleFactor); 138 return toCSSImageSetValue(*m_imageValue).cacheImage(document, deviceScal eFactor);
139 139
140 if (m_isCachePending) { 140 if (m_isCachePending) {
141 m_isCachePending = false; 141 m_isCachePending = false;
142 142
143 // For SVG images we need to lazily substitute in the correct URL. Rathe r than attempt 143 // For SVG images we need to lazily substitute in the correct URL. Rathe r than attempt
144 // to change the URL of the CSSImageValue (which would then change behav ior like cssText), 144 // to change the URL of the CSSImageValue (which would then change behav ior like cssText),
145 // we create an alternate CSSImageValue to use. 145 // we create an alternate CSSImageValue to use.
146 if (isSVGCursor() && document) { 146 if (isSVGCursor() && document) {
147 RefPtrWillBeRawPtr<CSSImageValue> imageValue = toCSSImageValue(m_ima geValue.get()); 147 RefPtrWillBeRawPtr<CSSImageValue> imageValue = toCSSImageValue(m_ima geValue.get());
148 // FIXME: This will fail if the <cursor> element is in a shadow DOM (bug 59827) 148 // FIXME: This will fail if the <cursor> element is in a shadow DOM (bug 59827)
(...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after
200 } 200 }
201 201
202 DEFINE_TRACE_AFTER_DISPATCH(CSSCursorImageValue) 202 DEFINE_TRACE_AFTER_DISPATCH(CSSCursorImageValue)
203 { 203 {
204 visitor->trace(m_imageValue); 204 visitor->trace(m_imageValue);
205 visitor->trace(m_cachedImage); 205 visitor->trace(m_cachedImage);
206 CSSValue::traceAfterDispatch(visitor); 206 CSSValue::traceAfterDispatch(visitor);
207 } 207 }
208 208
209 } // namespace blink 209 } // namespace blink
OLDNEW
« no previous file with comments | « third_party/WebKit/LayoutTests/fast/css/content-image-set-disallowed-url-crash.html ('k') | third_party/WebKit/Source/core/css/CSSImageSetValue.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698