From 438bb5616065edb7908a4fa8b417a898d24bfdb0 Mon Sep 17 00:00:00 2001
From: Tim Ledbetter <tim.ledbetter@ladybird.org>
Date: Wed, 9 Jul 2025 21:44:21 +0100
Subject: [PATCH] LibWeb/SVG: Don't crash when a filter has no valid effects

---
 Libraries/LibWeb/Layout/Node.cpp                     |  2 +-
 Libraries/LibWeb/SVG/SVGFilterElement.cpp            |  4 ++--
 Libraries/LibWeb/SVG/SVGFilterElement.h              |  2 +-
 .../LibWeb/Text/expected/SVG/empty-filter-crash.txt  |  1 +
 Tests/LibWeb/Text/input/SVG/empty-filter-crash.html  | 12 ++++++++++++
 5 files changed, 17 insertions(+), 4 deletions(-)
 create mode 100644 Tests/LibWeb/Text/expected/SVG/empty-filter-crash.txt
 create mode 100644 Tests/LibWeb/Text/input/SVG/empty-filter-crash.html

diff --git a/Libraries/LibWeb/Layout/Node.cpp b/Libraries/LibWeb/Layout/Node.cpp
index c030fce20fa..4a3a99ade51 100644
--- a/Libraries/LibWeb/Layout/Node.cpp
+++ b/Libraries/LibWeb/Layout/Node.cpp
@@ -653,7 +653,7 @@ void NodeWithStyle::apply_style(CSS::ComputedProperties const& computed_style)
                         return;
 
                     if (auto* filter_element = as_if<SVG::SVGFilterElement>(*maybe_filter)) {
-                        Optional<Gfx::Filter> new_filter = filter_element->gfx_filter();
+                        auto new_filter = filter_element->gfx_filter();
 
                         if (!new_filter.has_value())
                             return;
diff --git a/Libraries/LibWeb/SVG/SVGFilterElement.cpp b/Libraries/LibWeb/SVG/SVGFilterElement.cpp
index 81bb903cfe6..ea66febeedc 100644
--- a/Libraries/LibWeb/SVG/SVGFilterElement.cpp
+++ b/Libraries/LibWeb/SVG/SVGFilterElement.cpp
@@ -73,7 +73,7 @@ void SVGFilterElement::attribute_changed(FlyString const& name, Optional<String>
         m_primitive_units = AttributeParser::parse_units(value.value_or({}));
 }
 
-Gfx::Filter SVGFilterElement::gfx_filter()
+Optional<Gfx::Filter> SVGFilterElement::gfx_filter()
 {
     HashMap<String, Gfx::Filter> result_map;
     Optional<Gfx::Filter> root_filter;
@@ -146,7 +146,7 @@ Gfx::Filter SVGFilterElement::gfx_filter()
         return IterationDecision::Continue;
     });
 
-    return *root_filter;
+    return root_filter;
 }
 
 // https://drafts.fxtf.org/filter-effects/#element-attrdef-filter-filterunits
diff --git a/Libraries/LibWeb/SVG/SVGFilterElement.h b/Libraries/LibWeb/SVG/SVGFilterElement.h
index e6311d2d694..6596a8c1ace 100644
--- a/Libraries/LibWeb/SVG/SVGFilterElement.h
+++ b/Libraries/LibWeb/SVG/SVGFilterElement.h
@@ -31,7 +31,7 @@ public:
 
     virtual void attribute_changed(FlyString const& name, Optional<String> const& old_value, Optional<String> const& value, Optional<FlyString> const& namespace_) override;
 
-    Gfx::Filter gfx_filter();
+    Optional<Gfx::Filter> gfx_filter();
 
     GC::Ref<SVGAnimatedEnumeration> filter_units() const;
     GC::Ref<SVGAnimatedEnumeration> primitive_units() const;
diff --git a/Tests/LibWeb/Text/expected/SVG/empty-filter-crash.txt b/Tests/LibWeb/Text/expected/SVG/empty-filter-crash.txt
new file mode 100644
index 00000000000..aaecaf93c4a
--- /dev/null
+++ b/Tests/LibWeb/Text/expected/SVG/empty-filter-crash.txt
@@ -0,0 +1 @@
+PASS (didn't crash)
diff --git a/Tests/LibWeb/Text/input/SVG/empty-filter-crash.html b/Tests/LibWeb/Text/input/SVG/empty-filter-crash.html
new file mode 100644
index 00000000000..e2a7dcc5874
--- /dev/null
+++ b/Tests/LibWeb/Text/input/SVG/empty-filter-crash.html
@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<svg>
+    <filter id="empty"></filter>
+    <g filter="url(#empty)"/>
+</svg>
+<script src="../include.js"></script>
+<script>
+    // FIXME: This should be a crash test.
+    test(() => {
+        println("PASS (didn't crash)");
+    })
+</script>