mirror of
https://github.com/LadybirdBrowser/ladybird.git
synced 2024-09-30 00:31:14 +00:00
LibWeb: Do not crash inside SVGDecodedImageData on invalid SVG input
Return error when input svg is not valid and SVGSVGElement is not present in the tree instead of doing svg_root nullptr dereference. Fixes crash on https://apps.kde.org/en-gb/
This commit is contained in:
Aliaksandr Kalenik
Andreas Kling
parent
33dbfa3281
commit
8c980cf75b
Notes:
sideshowbarker
2024-07-17 01:46:00 +09:00
Author: https://github.com/kalenikaliaksandr Commit: https://github.com/SerenityOS/serenity/commit/8c980cf75b Pull-request: https://github.com/SerenityOS/serenity/pull/19538
|
|
@ -0,0 +1,4 @@
|
|||
Viewport <#document> at (0,0) content-size 800x600 children: not-inline
|
||||
BlockContainer <html> at (0,0) content-size 800x48 [BFC] children: not-inline
|
||||
BlockContainer <body> at (8,8) content-size 784x32 children: not-inline
|
||||
ImageBox <img> at (8,8) content-size 16x32 children: not-inline
|
||||
1
Tests/LibWeb/Layout/input/svg/svg-as-image-invalid.html
Normal file
1
Tests/LibWeb/Layout/input/svg/svg-as-image-invalid.html
Normal file
|
|
@ -0,0 +1 @@
|
|||
<!doctype html><img src="data:image/svg+xml;,some-garbage" style="display: block">
|
||||
|
|
@ -70,6 +70,9 @@ ErrorOr<NonnullRefPtr<SVGDecodedImageData>> SVGDecodedImageData::create(Page& ho
|
|||
// Perform some DOM surgery to make the SVG root element be the first child of the Document.
|
||||
// FIXME: This is a huge hack until we figure out how to actually parse separate SVG files.
|
||||
auto* svg_root = document->body()->first_child_of_type<SVG::SVGSVGElement>();
|
||||
if (!svg_root)
|
||||
return Error::from_string_literal("SVGDecodedImageData: Invalid SVG input");
|
||||
|
||||
svg_root->remove();
|
||||
document->remove_all_children();
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue