Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(375)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: third_party/WebKit/Source/core/css/CSSImageSetValue.cpp

Issue 1607733004: Fix crash when using disallowed URLs in image sets for content CSS property (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « third_party/WebKit/Source/core/css/CSSImageSetValue.h ('k') | third_party/WebKit/Source/core/css/resolver/ElementStyleResources.cpp » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/WebKit/Source/core/css/CSSImageSetValue.cpp
diff --git a/third_party/WebKit/Source/core/css/CSSImageSetValue.cpp b/third_party/WebKit/Source/core/css/CSSImageSetValue.cpp
index 7e25d9246477021d72f3735f61994d13f5f32166..b68a44a5e156a534db3a60632aa1602f4b0581bb 100644
--- a/third_party/WebKit/Source/core/css/CSSImageSetValue.cpp
+++ b/third_party/WebKit/Source/core/css/CSSImageSetValue.cpp
@@ -34,6 +34,7 @@
#include "core/fetch/ResourceFetcher.h"
#include "core/fetch/ResourceLoaderOptions.h"
#include "core/style/StyleFetchedImageSet.h"
+#include "core/style/StyleInvalidImage.h"
#include "platform/weborigin/KURL.h"
#include "platform/weborigin/SecurityPolicy.h"
#include "wtf/text/StringBuilder.h"
@@ -43,7 +44,6 @@ namespace blink {
CSSImageSetValue::CSSImageSetValue()
: CSSValueList(ImageSetClass, CommaSeparator)
- , m_isCachePending(true)
, m_cachedScaleFactor(1)
{
}
@@ -51,8 +51,8 @@ CSSImageSetValue::CSSImageSetValue()
CSSImageSetValue::~CSSImageSetValue()
{
#if !ENABLE(OILPAN)
- if (m_cachedImageSet)
- m_cachedImageSet->clearImageSetValue();
+ if (m_cachedImage && m_cachedImage->isImageResourceSet())
+ toStyleFetchedImageSet(*m_cachedImage).clearImageSetValue();
#endif
}
@@ -95,23 +95,23 @@ CSSImageSetValue::ImageWithScale CSSImageSetValue::bestImageForScaleFactor(float
bool CSSImageSetValue::isCachePending(float deviceScaleFactor) const
{
- return m_isCachePending || deviceScaleFactor != m_cachedScaleFactor;
+ return !m_cachedImage || deviceScaleFactor != m_cachedScaleFactor;
}
-StyleFetchedImageSet* CSSImageSetValue::cachedImageSet(float deviceScaleFactor) const
+StyleImage* CSSImageSetValue::cachedImage(float deviceScaleFactor) const
{
ASSERT(!isCachePending(deviceScaleFactor));
- return m_cachedImageSet.get();
+ return m_cachedImage.get();
}
-StyleFetchedImageSet* CSSImageSetValue::cacheImageSet(Document* document, float deviceScaleFactor, CrossOriginAttributeValue crossOrigin)
+StyleImage* CSSImageSetValue::cacheImage(Document* document, float deviceScaleFactor, CrossOriginAttributeValue crossOrigin)
{
ASSERT(document);
if (!m_imagesInSet.size())
fillImageSet();
- if (m_isCachePending || deviceScaleFactor != m_cachedScaleFactor) {
+ if (isCachePending(deviceScaleFactor)) {
// FIXME: In the future, we want to take much more than deviceScaleFactor into acount here.
// All forms of scale should be included: Page::pageScaleFactor(), LocalFrame::pageZoomFactor(),
// and any CSS transforms. https://bugs.webkit.org/show_bug.cgi?id=81698
@@ -122,14 +122,14 @@ StyleFetchedImageSet* CSSImageSetValue::cacheImageSet(Document* document, float
if (crossOrigin != CrossOriginAttributeNotSet)
request.setCrossOriginAccessControl(document->securityOrigin(), crossOrigin);
- if (ResourcePtr<ImageResource> cachedImage = ImageResource::fetch(request, document->fetcher())) {
- m_cachedImageSet = StyleFetchedImageSet::create(cachedImage.get(), image.scaleFactor, this, request.url());
- m_cachedScaleFactor = deviceScaleFactor;
- m_isCachePending = false;
- }
+ if (ResourcePtr<ImageResource> cachedImage = ImageResource::fetch(request, document->fetcher()))
+ m_cachedImage = StyleFetchedImageSet::create(cachedImage.get(), image.scaleFactor, this, request.url());
+ else
+ m_cachedImage = StyleInvalidImage::create(image.imageURL);
+ m_cachedScaleFactor = deviceScaleFactor;
}
- return m_cachedImageSet.get();
+ return m_cachedImage.get();
}
String CSSImageSetValue::customCSSText() const
@@ -164,16 +164,16 @@ String CSSImageSetValue::customCSSText() const
bool CSSImageSetValue::hasFailedOrCanceledSubresources() const
{
- if (!m_cachedImageSet)
+ if (!m_cachedImage)
return false;
- if (Resource* cachedResource = m_cachedImageSet->cachedImage())
+ if (Resource* cachedResource = m_cachedImage->cachedImage())
return cachedResource->loadFailedOrCanceled();
return true;
}
DEFINE_TRACE_AFTER_DISPATCH(CSSImageSetValue)
{
- visitor->trace(m_cachedImageSet);
+ visitor->trace(m_cachedImage);
CSSValueList::traceAfterDispatch(visitor);
}
« no previous file with comments | « third_party/WebKit/Source/core/css/CSSImageSetValue.h ('k') | third_party/WebKit/Source/core/css/resolver/ElementStyleResources.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698