Bug 219651

Summary:

REGRESSION(r254841): Possible null pointer reference in BitmapImage::preTransformedNativeImageForCurrentFrame()

Product:

WebKit

Reporter:

Said Abou-Hallawa <sabouhallawa>

Component:

Images

Assignee:

Said Abou-Hallawa <sabouhallawa>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

simon.fraser, thorton, webkit-bug-importer

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Patch	none

Description Said Abou-Hallawa 2020-12-08 12:31:45 PST

This function was added in r254841 under the name BitmapImage::nativeImageForCurrentFrameRespectingOrientation() without checking whether the resulted image of nativeImageForCurrentFrame() is null or not. If the ImageSource is corrupted, the decoder might return a null PlatformImagePtr for the current frame. And if this happens most likely ImageSource::densityCorrectedSize() will return WTF::nullopt also. In this case, we end up calling GraphicsContext::drawPlatformImage() with a null PlatformImagePtr.

Comment 1 Said Abou-Hallawa 2020-12-08 12:43:49 PST

<rdar://problem/71907384>

Comment 2 Said Abou-Hallawa 2020-12-08 13:09:39 PST

Created attachment 415666 [details]
Patch

Comment 3 EWS 2020-12-08 16:11:06 PST

Committed r270562: <https://trac.webkit.org/changeset/270562>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 415666 [details].