LibWeb/CSS: Remove nullpointer dereference in Parser

On platinenmacher.tech there is a document without a window. During size attribute parsing the window pointer is dereferenced which causes a crash. This checks for the window to be actually there before dereferencing.
haizzus · Jan 9, 2024 · 7d63b8b · 7d63b8b
1 parent 343d6b0
commit 7d63b8b
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 2 deletions.
diff --git a/Userland/Libraries/LibWeb/CSS/Parser/Parser.cpp b/Userland/Libraries/LibWeb/CSS/Parser/Parser.cpp
@@ -6648,7 +6648,8 @@ LengthOrCalculated Parser::Parser::parse_as_sizes_attribute()
  // If it does not parse correctly, or it does parse correctly but the <media-condition> evaluates to false, continue.
  TokenStream<ComponentValue> token_stream { unparsed_size };
  auto media_condition = parse_media_condition(token_stream, MediaCondition::AllowOr::Yes);
- if (media_condition && media_condition->evaluate(*m_context.window()) == MatchResult::True) {
+ auto context_window = m_context.window();
+ if (context_window && media_condition && media_condition->evaluate(*context_window) == MatchResult::True) {
  return size.value();
  } else {
  continue;

diff --git a/Userland/Libraries/LibWeb/CSS/Parser/ParsingContext.cpp b/Userland/Libraries/LibWeb/CSS/Parser/ParsingContext.cpp
@@ -56,7 +56,7 @@ AK::URL ParsingContext::complete_url(StringView relative_url) const
 
 HTML::Window const* ParsingContext::window() const
 {
- return m_document ? &m_document->window() : nullptr;
+ return m_document && m_document->default_view() ? &m_document->window() : nullptr;
 }
 
 }