Handle a null ExecutionContext in CheckForUnoptimizedImagePolicy()

Bug: 1086668 Test: images/enable-images-then-detach-crash.html Change-Id: Id685d3fe1283efa2d3695a81c4154031f860b601 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2216792 Auto-Submit: Nate Chapin <japhet@chromium.org> Commit-Queue: Kentaro Hara <haraken@chromium.org> Reviewed-by: Kentaro Hara <haraken@chromium.org> Cr-Commit-Position: refs/heads/master@{#772049}

Handle a null ExecutionContext in CheckForUnoptimizedImagePolicy()
Bug: 1086668 Test: images/enable-images-then-detach-crash.html Change-Id: Id685d3fe1283efa2d3695a81c4154031f860b601 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2216792 Auto-Submit: Nate Chapin <japhet@chromium.org> Commit-Queue: Kentaro Hara <haraken@chromium.org> Reviewed-by: Kentaro Hara <haraken@chromium.org> Cr-Commit-Position: refs/heads/master@{#772049}
a1226e30 · Nate Chapin · Commit Bot · 4fa2a918 · a1226e30 · a1226e30
Commit a1226e30 authored May 27, 2020 by Nate Chapin Committed by Commit Bot May 27, 2020
3 changed files
--- a/third_party/blink/renderer/core/loader/image_loader.cc
+++ b/third_party/blink/renderer/core/loader/image_loader.cc
@@ -74,9 +74,9 @@ namespace blink {

 namespace {

-bool CheckForUnoptimizedImagePolicy(Document& document,
+bool CheckForUnoptimizedImagePolicy(ExecutionContext* context,
                                    ImageResourceContent* new_image) {
-  if (!new_image)
+  if (!context || !new_image)
    return false;

  // Render the image as a placeholder image if the image is not sufficiently
@@ -85,9 +85,8 @@ bool CheckForUnoptimizedImagePolicy(Document& document,
  // Note: UnoptimizedImagePolicies is currently part of DocumentPolicy.
  // The original runtime feature UnoptimizedImagePolicies is no longer used,
  // and are planned to be removed.
-  if (RuntimeEnabledFeatures::DocumentPolicyEnabled(&document) &&
-      !new_image->IsAcceptableCompressionRatio(
-          *document.GetExecutionContext())) {
+  if (RuntimeEnabledFeatures::DocumentPolicyEnabled(context) &&
+      !new_image->IsAcceptableCompressionRatio(*context)) {
    return true;
  }

@@ -816,7 +815,8 @@ void ImageLoader::ImageNotifyFinished(ImageResourceContent* resource) {
  // HTMLImageElement.
  // crbug.com/930281
  auto* html_image_element = DynamicTo<HTMLImageElement>(element_.Get());
-  if (CheckForUnoptimizedImagePolicy(element_->GetDocument(), image_content_) &&
+  if (CheckForUnoptimizedImagePolicy(element_->GetExecutionContext(),
+                                     image_content_) &&
      html_image_element)
    html_image_element->SetImagePolicyViolated();


--- a/third_party/blink/web_tests/images/enable-images-then-detach-crash-expected.txt
+++ b/third_party/blink/web_tests/images/enable-images-then-detach-crash-expected.txt
+PASS if no crash. 
--- a/third_party/blink/web_tests/images/enable-images-then-detach-crash.html
+++ b/third_party/blink/web_tests/images/enable-images-then-detach-crash.html
+<body>
+PASS if no crash.
+<script>
+if (window.localStorage.getItem("finish-during-reload") == null) {
+  if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.setImagesAllowed(false);
+  }
+
+  setTimeout(() => {
+    window.localStorage.setItem("finish-during-reload", "reload");
+    if (window.testRunner)
+      testRunner.setImagesAllowed(true);
+    internals.forceReload(false);
+  }, 0);
+}
+</script>
+<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAIAAAACDbGyAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAABVJREFUeNpiZPjPgAyYGBgo4gMEGABPkgEJUvO9mgAAAABJRU5ErkJggg==">