<rdar://93714107>
Created attachment 460101 [details] [fast-cq]Patch
Comment on attachment 460101 [details] [fast-cq]Patch View in context: https://bugs.webkit.org/attachment.cgi?id=460101&action=review > Source/WebCore/rendering/RenderImageResource.cpp:67 > + // removeClient may have destroyed the renderer. Don't we still want to set the m_cachedimage value below (even though the existing renderer was possible destroyed)?
Comment on attachment 460101 [details] [fast-cq]Patch View in context: https://bugs.webkit.org/attachment.cgi?id=460101&action=review >> Source/WebCore/rendering/RenderImageResource.cpp:67 >> + // removeClient may have destroyed the renderer. > > Don't we still want to set the m_cachedimage value below (even though the existing renderer was possible destroyed)? I spoke to Alan offline. If 'm_renderer' is nullptr, we expect 'this' to be nullptr as well, so we should early return.
Committed r295393 (251399@main): <https://commits.webkit.org/251399@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 460101 [details].
*** Bug 241512 has been marked as a duplicate of this bug. ***
Bug 241512 has a user-visible symptom, suggesting that we could create a layout test for this patch.
(In reply to Simon Fraser (smfr) from comment #6) > Bug 241512 has a user-visible symptom, suggesting that we could create a > layout test for this patch. That would be awesome given the speculative nature of this fix.
Yeah I can repro it (and it's <rdar://94689000>)