mirrors/ladybird
0
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2025-08-08 09:09:43 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

LibWeb: Prevent null deref in collapsed whitespace check

Browse source 
The spec even warned us about the reference potentially being null.
This commit is contained in:
Jelle Raaijmakers 2024-12-08 23:10:03 +01:00 committed by Jelle Raaijmakers
commit f88c13a58c
Notes: github-actions[bot] 2024-12-10 13:55:42 +00:00
1 changed files with 11 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

18
Libraries/LibWeb/Editing/Internal/Algorithms.cpp
View file

@ -873,20 +873,20 @@ bool is_collapsed_whitespace_node(GC::Ref<DOM::Node> node)
ancestor = ancestor->parent(); ancestor = ancestor->parent();
// 7. Let reference be node. // 7. Let reference be node.
auto reference = node; GC::Ptr<DOM::Node> reference = node;
// 8. While reference is a descendant of ancestor: // 8. While reference is a descendant of ancestor:
while (reference->is_descendant_of(*ancestor)) { while (reference->is_descendant_of(*ancestor)) {
// 1. Let reference be the node before it in tree order. // 1. Let reference be the node before it in tree order.
reference = *reference->previous_in_pre_order(); reference = reference->previous_in_pre_order();
// 2. If reference is a block node or a br, return true. // 2. If reference is a block node or a br, return true.
if (is_block_node(reference) || is<HTML::HTMLBRElement>(*reference)) if (is_block_node(*reference) || is<HTML::HTMLBRElement>(*reference))
return true; return true;
// 3. If reference is a Text node that is not a whitespace node, or is an img, break from // 3. If reference is a Text node that is not a whitespace node, or is an img, break from
// this loop. // this loop.
if ((is<DOM::Text>(*reference) && !is_whitespace_node(reference)) || is<HTML::HTMLImageElement>(*reference)) if ((is<DOM::Text>(*reference) && !is_whitespace_node(*reference)) || is<HTML::HTMLImageElement>(*reference))
break; break;
} }
@ -896,15 +896,19 @@ bool is_collapsed_whitespace_node(GC::Ref<DOM::Node> node)
// 10. While reference is a descendant of ancestor: // 10. While reference is a descendant of ancestor:
while (reference->is_descendant_of(*ancestor)) { while (reference->is_descendant_of(*ancestor)) {
// 1. Let reference be the node after it in tree order, or null if there is no such node. // 1. Let reference be the node after it in tree order, or null if there is no such node.
reference = *reference->next_in_pre_order(); reference = reference->next_in_pre_order();
// NOTE: Both steps below and the loop condition require a reference, so break if it's null.
if (!reference)
break;
// 2. If reference is a block node or a br, return true. // 2. If reference is a block node or a br, return true.
if (is_block_node(reference) || is<HTML::HTMLBRElement>(*reference)) if (is_block_node(*reference) || is<HTML::HTMLBRElement>(*reference))
return true; return true;
// 3. If reference is a Text node that is not a whitespace node, or is an img, break from // 3. If reference is a Text node that is not a whitespace node, or is an img, break from
// this loop. // this loop.
if ((is<DOM::Text>(*reference) && !is_whitespace_node(reference)) || is<HTML::HTMLImageElement>(*reference)) if ((is<DOM::Text>(*reference) && !is_whitespace_node(*reference)) || is<HTML::HTMLImageElement>(*reference))
break; break;
} }