From f67a882170609d15836204a689dc552322fbe653 Mon Sep 17 00:00:00 2001
From: Yogita Urade <yogita.urade@windriver.com>
Date: Wed, 7 Jun 2023 08:15:11 +0000
Subject: [oe-core][kirkstone][PATCH 1/1] RenderElement::updateFillImages
should take pointer arguments like other similar functions
https://bugs.webkit.org/show_bug.cgi?id=247317 rdar://100273147
Reviewed by Alan Baradlay.
* Source/WebCore/rendering/RenderElement.cpp:
(WebCore::RenderElement::updateFillImages):
(WebCore::RenderElement::styleDidChange):
* Source/WebCore/rendering/RenderElement.h:
Canonical link: https://commits.webkit.org/256215@main
CVE: CVE-2022-42867
Upstream-Status: Backport
[https://github.com/WebKit/WebKit/commit/091a04e55c801ac6ba13f4b328fbee2eece853fc]
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
---
Source/WebCore/rendering/RenderElement.cpp | 27 ++++++++++++++--------
Source/WebCore/rendering/RenderElement.h | 2 +-
2 files changed, 19 insertions(+), 10 deletions(-)
diff --git a/Source/WebCore/rendering/RenderElement.cpp b/Source/WebCore/rendering/RenderElement.cpp
index da43bf3d..931686b8 100644
--- a/Source/WebCore/rendering/RenderElement.cpp
+++ b/Source/WebCore/rendering/RenderElement.cpp
@@ -358,7 +358,7 @@ inline bool RenderElement::shouldRepaintForStyleDifference(StyleDifference diff)
return diff == StyleDifference::Repaint || (diff == StyleDifference::RepaintIfTextOrBorderOrOutline && hasImmediateNonWhitespaceTextChildOrBorderOrOutline());
}
-void RenderElement::updateFillImages(const FillLayer* oldLayers, const FillLayer& newLayers)
+void RenderElement::updateFillImages(const FillLayer* oldLayers, const FillLayer* newLayers)
{
auto fillImagesAreIdentical = [](const FillLayer* layer1, const FillLayer* layer2) -> bool {
if (layer1 == layer2)
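Review bot: Nothing at the new `updateFillImages(const FillLayer* oldLayers, const FillLayer* newLayers)` signature records that `newLayers` may now be null, which the `registerImages` caller added in `styleDidChange` relies on when one side has no style. A one-line comment above the definition would state the contract, for example `// Either list may be null; a null newLayers adds no clients.` The `fillImagesAreIdentical` lambda is only partly visible (its body continues outside the hunk), so it is worth confirming that its walk after the `layer1 == layer2` check tolerates exactly one list being null. The same contract applies to the unnamed-parameter declaration in RenderElement.h.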
@@ -379,7 +379,7 @@ void RenderElement::updateFillImages(const FillLayer* oldLayers, const FillLayer
};
auto isRegisteredWithNewFillImages = [&]() -> bool {
- for (auto* layer = &newLayers; layer; layer = layer->next()) {
+ for (auto* layer = newLayers; layer; layer = layer->next()) {
if (layer->image() && !layer->image()->hasClient(*this))
return false;
}
@@ -388,11 +388,11 @@ void RenderElement::updateFillImages(const FillLayer* oldLayers, const FillLayer
// If images have the same characteristics and this element is already registered as a
// client to the new images, there is nothing to do.
- if (fillImagesAreIdentical(oldLayers, &newLayers) && isRegisteredWithNewFillImages())
+ if (fillImagesAreIdentical(oldLayers, newLayers) && isRegisteredWithNewFillImages())
return;
// Add before removing, to avoid removing all clients of an image that is in both sets.
- for (auto* layer = &newLayers; layer; layer = layer->next()) {
+ for (auto* layer = newLayers; layer; layer = layer->next()) {
if (layer->image())
layer->image()->addClient(*this);
}
@@ -937,11 +937,20 @@ static inline bool areCursorsEqual(const RenderStyle* a, const RenderStyle* b)
void RenderElement::styleDidChange(StyleDifference diff, const RenderStyle* oldStyle)
{
- updateFillImages(oldStyle ? &oldStyle->backgroundLayers() : nullptr, m_style.backgroundLayers());
- updateFillImages(oldStyle ? &oldStyle->maskLayers() : nullptr, m_style.maskLayers());
- updateImage(oldStyle ? oldStyle->borderImage().image() : nullptr, m_style.borderImage().image());
- updateImage(oldStyle ? oldStyle->maskBoxImage().image() : nullptr, m_style.maskBoxImage().image());
- updateShapeImage(oldStyle ? oldStyle->shapeOutside() : nullptr, m_style.shapeOutside());
+ auto registerImages = [this](auto* style, auto* oldStyle) {
+ if (!style && !oldStyle)
+ return;
+ updateFillImages(oldStyle ? &oldStyle->backgroundLayers() : nullptr, style ? &style->backgroundLayers() : nullptr);
+ updateFillImages(oldStyle ? &oldStyle->maskLayers() : nullptr, style ? &style->maskLayers() : nullptr);
+ updateImage(oldStyle ? oldStyle->borderImage().image() : nullptr, style ? style->borderImage().image() : nullptr);
+ updateImage(oldStyle ? oldStyle->maskBoxImage().image() : nullptr, style ? style->maskBoxImage().image() : nullptr);
+ updateShapeImage(oldStyle ? oldStyle->shapeOutside() : nullptr, style ? style->shapeOutside() : nullptr);
+ };
+
+ registerImages(&style(), oldStyle);
+
+ // Are there other pseudo-elements that need the resources to be registered?
+ registerImages(style().getCachedPseudoStyle(PseudoId::FirstLine), oldStyle ? oldStyle->getCachedPseudoStyle(PseudoId::FirstLine) : nullptr);
SVGRenderSupport::styleChanged(*this, oldStyle);
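Review bot: In the `registerImages` lambda added to `styleDidChange`, the parameter `oldStyle` shadows the function's own `oldStyle`, so one name means the element's previous style in the first call and the previous first-line pseudo style in the second. Renaming the parameters, e.g. `auto registerImages = [this](auto* newStyle, auto* previousStyle) {`, would make the pairing unambiguous. The second call registers only what `getCachedPseudoStyle(PseudoId::FirstLine)` returns at that moment, so it appears to depend on the first-line style already being cached when `styleDidChange` runs. If it can be resolved later, its images would be used without this element registered as a client, which is presumably the kind of lifetime gap this CVE backport is meant to close. The trailing comment is an open question rather than an explanation; I would turn it into a tracked note such as `// FIXME: Only ::first-line is handled; other cached pseudo styles painted by this renderer may need the same registration.` The body of `styleDidChange` continues beyond the hunk.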
diff --git a/Source/WebCore/rendering/RenderElement.h b/Source/WebCore/rendering/RenderElement.h
index f376cecb..d6ba2cdf 100644
--- a/Source/WebCore/rendering/RenderElement.h
+++ b/Source/WebCore/rendering/RenderElement.h
@@ -349,7 +349,7 @@ private:
bool shouldRepaintForStyleDifference(StyleDifference) const;
bool hasImmediateNonWhitespaceTextChildOrBorderOrOutline() const;
- void updateFillImages(const FillLayer*, const FillLayer&);
+ void updateFillImages(const FillLayer*, const FillLayer*);
void updateImage(StyleImage*, StyleImage*);
void updateShapeImage(const ShapeValue*, const ShapeValue*);
--
2.35.5