RenderImageResource::hasImage is redundant and RenderImageResourceStyleImage's override is incorrect. https://bugs.webkit.org/show_bug.cgi?id=172010 <rdar://problem/31086735> Reviewed by Simon Fraser. Source/WebCore: RenderImageResourceStyleImage::hasImage() always returns true even when ::cachedImage() returns nullptr (e.g. image is pending). Remove it and use cachedImage() instead. Test: fast/images/missing-content-image-crash.html * html/HTMLImageElement.cpp: (WebCore::HTMLImageElement::didAttachRenderers): * rendering/RenderImage.cpp: (WebCore::RenderImage::updateIntrinsicSizeIfNeeded): (WebCore::RenderImage::isShowingMissingOrImageError): (WebCore::RenderImage::hasNonBitmapImage): (WebCore::RenderImage::paintReplaced): (WebCore::RenderImage::paintIntoRect): (WebCore::RenderImage::foregroundIsKnownToBeOpaqueInRect): * rendering/RenderImageResource.h: (WebCore::RenderImageResource::cachedImage): (WebCore::RenderImageResource::hasImage): Deleted. * rendering/RenderImageResourceStyleImage.h: * rendering/svg/RenderSVGImage.cpp: (WebCore::RenderSVGImage::paint): * svg/SVGImageElement.cpp: (WebCore::SVGImageElement::hasSingleSecurityOrigin): (WebCore::SVGImageElement::didAttachRenderers): LayoutTests: * fast/images/missing-content-image-crash-expected.txt: Added. * fast/images/missing-content-image-crash.html: Added. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@216728 268f45cc-cd09-0410-ab3c-d52691b4dbfc

commit: ee2f4518c0fbb2b2f7e06c4883edd2dedcbefa7a [log] [tgz]
author: zalan@apple.com <zalan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc> Fri May 12 03:55:57 2017 +0000
committer: zalan@apple.com <zalan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc> Fri May 12 03:55:57 2017 +0000
tree: 03e6bd3b0b4f0cfb0abd5cc653c8805b30054282
parent: 90287bab8a236d2e39212f6753a3ab504ba5feaa [diff] [blame]
diff --git a/Source/WebCore/svg/SVGImageElement.cpp b/Source/WebCore/svg/SVGImageElement.cpp
index b361b74..44ea21a 100644
--- a/Source/WebCore/svg/SVGImageElement.cpp
+++ b/Source/WebCore/svg/SVGImageElement.cpp

@@ -72,7 +72,7 @@
 bool SVGImageElement::hasSingleSecurityOrigin() const
 {
     auto* renderer = downcast<RenderSVGImage>(this->renderer());
-    if (!renderer || !renderer->imageResource().hasImage())
+    if (!renderer || !renderer->imageResource().cachedImage())
         return true;
     auto* image = renderer->imageResource().cachedImage()->image();
     return !image || image->hasSingleSecurityOrigin();
@@ -182,7 +182,7 @@
 void SVGImageElement::didAttachRenderers()
 {
     if (auto* imageObj = downcast<RenderSVGImage>(renderer())) {
-        if (imageObj->imageResource().hasImage())
+        if (imageObj->imageResource().cachedImage())
             return;
 
         imageObj->imageResource().setCachedImage(m_imageLoader.image());
commit	ee2f4518c0fbb2b2f7e06c4883edd2dedcbefa7a	[log] [tgz]
author	zalan@apple.com <zalan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>	Fri May 12 03:55:57 2017 +0000
committer	zalan@apple.com <zalan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>	Fri May 12 03:55:57 2017 +0000
tree	03e6bd3b0b4f0cfb0abd5cc653c8805b30054282
parent	90287bab8a236d2e39212f6753a3ab504ba5feaa [diff] [blame]