Chromium Code Reviews
Created: 4 years, 9 months ago by yhirano
Modified: 4 years, 9 months ago
Reviewers: Nate Chapin
Base URL: https://chromium.googlesource.com/chromium/src.git@master
Target Ref: refs/pending/heads/master
Project: chromium
Visibility: Public.
Description
HTMLImageElement::cachedImage() may return null in ImageDocument construction
This is a speculative fix for a crash.
BUG=594467
Committed: https://crrev.com/bf1150eba29bcb1f20ca5a98d1098ed778fc1c27
Cr-Commit-Position: refs/heads/master@{#381893}
Patch Set 1
Total comments: 2
Messages
Total messages: 16 (7 generated)
Description was changed from
==========
HTMLImageElement::cachedImage() can return null in ImageDocument construction
BUG=594467
==========
to
==========
HTMLImageElement::cachedImage() may return null in ImageDocument construction
This is a speculative fix for a crash.
BUG=594467
==========
yhirano@chromium.org changed reviewers: + japhet@chromium.org
https://codereview.chromium.org/1801543002/diff/1/third_party/WebKit/Source/c...
File third_party/WebKit/Source/core/html/ImageDocument.cpp (right):

https://codereview.chromium.org/1801543002/diff/1/third_party/WebKit/Source/c...
third_party/WebKit/Source/core/html/ImageDocument.cpp:230: if (loader() && m_imageElement->cachedImage())
Do we know why this can be null? It's not immediately obvious to me how that can happen.
https://codereview.chromium.org/1801543002/diff/1/third_party/WebKit/Source/c...
File third_party/WebKit/Source/core/html/ImageDocument.cpp (right):

https://codereview.chromium.org/1801543002/diff/1/third_party/WebKit/Source/c...
third_party/WebKit/Source/core/html/ImageDocument.cpp:230: if (loader() && m_imageElement->cachedImage())
On 2016/03/15 21:27:53, Nate Chapin wrote:
> Do we know why this can be null? It's not immediately obvious to me how that can
> happen.

ImageResource::fetch can return null. In ImageLoader[1] we are checking it after creating an ImageResource, which is the ImageResource returned from m_imageElement->cachedImage().

I can create a crashing example locally with devtool's experimental "URL blocking" functionality[2], though adding a layout test looks difficult.

1: https://code.google.com/p/chromium/codesearch#chromium/src/third_party/WebKit...
2: https://code.google.com/p/chromium/codesearch#chromium/src/third_party/WebKit...
On 2016/03/16 08:40:48, yhirano wrote:
> https://codereview.chromium.org/1801543002/diff/1/third_party/WebKit/Source/c...
> File third_party/WebKit/Source/core/html/ImageDocument.cpp (right):
>
> https://codereview.chromium.org/1801543002/diff/1/third_party/WebKit/Source/c...
> third_party/WebKit/Source/core/html/ImageDocument.cpp:230: if (loader() &&
> m_imageElement->cachedImage())
> On 2016/03/15 21:27:53, Nate Chapin wrote:
> > Do we know why this can be null? It's not immediately obvious to me how that
> can
> > happen.
>
> ImageResource::fetch can return null. In ImageLoader[1] we are checking it after
> creating an ImageResource which is the ImageResource returned from
> m_imageElement->cachedImage().
>
> I can create a crashing example locally with devtool's experimental "URL
> blocking" functionality[2], though adding a layout test looks difficult.
>
> 1:
> https://code.google.com/p/chromium/codesearch#chromium/src/third_party/WebKit...
> 2:
> https://code.google.com/p/chromium/codesearch#chromium/src/third_party/WebKit...

Ok, LGTM. I wonder if this always requires inspector hacks, since I'd expect it to be relatively difficult to get a null result from ImageResource::fetch for an ImageDocument.
The CQ bit was checked by yhirano@chromium.org
CQ is trying da patch.
Follow status at https://chromium-cq-status.appspot.com/patch-status/1801543002/1
View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1801543002/1
The CQ bit was unchecked by commit-bot@chromium.org
Try jobs failed on following builders:
android_chromium_gn_compile_dbg on tryserver.chromium.android (JOB_FAILED, https://build.chromium.org/p/tryserver.chromium.android/builders/android_chro...)
cast_shell_android on tryserver.chromium.android (JOB_FAILED, https://build.chromium.org/p/tryserver.chromium.android/builders/cast_shell_a...)
The CQ bit was checked by yhirano@chromium.org
CQ is trying da patch.
Follow status at https://chromium-cq-status.appspot.com/patch-status/1801543002/1
View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1801543002/1
Message was sent while issue was closed.
Description was changed from
==========
HTMLImageElement::cachedImage() may return null in ImageDocument construction
This is a speculative fix for a crash.
BUG=594467
==========
to
==========
HTMLImageElement::cachedImage() may return null in ImageDocument construction
This is a speculative fix for a crash.
BUG=594467
==========
Message was sent while issue was closed.
Committed patchset #1 (id:1)
Message was sent while issue was closed.
Description was changed from
==========
HTMLImageElement::cachedImage() may return null in ImageDocument construction
This is a speculative fix for a crash.
BUG=594467
==========
to
==========
HTMLImageElement::cachedImage() may return null in ImageDocument construction
This is a speculative fix for a crash.
BUG=594467
Committed: https://crrev.com/bf1150eba29bcb1f20ca5a98d1098ed778fc1c27
Cr-Commit-Position: refs/heads/master@{#381893}
==========
Message was sent while issue was closed.
Patchset 1 (id:??) landed as https://crrev.com/bf1150eba29bcb1f20ca5a98d1098ed778fc1c27
Cr-Commit-Position: refs/heads/master@{#381893}
