From b140206a91e809426248f85a5471f734d8e86997 Mon Sep 17 00:00:00 2001 From: Tim Ledbetter Date: Fri, 6 Sep 2024 23:38:13 +0100 Subject: [PATCH] LibWeb: Don't crash when calling getBBox() on the outermost SVG element --- .../SVG/getBBox-outermost-svg-element-crash.txt | 1 + .../SVG/getBBox-outermost-svg-element-crash.html | 11 +++++++++++ Userland/Libraries/LibWeb/SVG/SVGGraphicsElement.cpp | 6 +++++- 3 files changed, 17 insertions(+), 1 deletion(-) create mode 100644 Tests/LibWeb/Text/expected/SVG/getBBox-outermost-svg-element-crash.txt create mode 100644 Tests/LibWeb/Text/input/SVG/getBBox-outermost-svg-element-crash.html diff --git a/Tests/LibWeb/Text/expected/SVG/getBBox-outermost-svg-element-crash.txt b/Tests/LibWeb/Text/expected/SVG/getBBox-outermost-svg-element-crash.txt new file mode 100644 index 00000000000..15dc8e1e7b7 --- /dev/null +++ b/Tests/LibWeb/Text/expected/SVG/getBBox-outermost-svg-element-crash.txt @@ -0,0 +1 @@ + Bounding box of empty SVG element - x: 0, y: 0, width: 0, height: 0 diff --git a/Tests/LibWeb/Text/input/SVG/getBBox-outermost-svg-element-crash.html b/Tests/LibWeb/Text/input/SVG/getBBox-outermost-svg-element-crash.html new file mode 100644 index 00000000000..53518f43e2d --- /dev/null +++ b/Tests/LibWeb/Text/input/SVG/getBBox-outermost-svg-element-crash.html @@ -0,0 +1,11 @@ + + + + diff --git a/Userland/Libraries/LibWeb/SVG/SVGGraphicsElement.cpp b/Userland/Libraries/LibWeb/SVG/SVGGraphicsElement.cpp index cd29ba37894..a42bbff3d66 100644 --- a/Userland/Libraries/LibWeb/SVG/SVGGraphicsElement.cpp +++ b/Userland/Libraries/LibWeb/SVG/SVGGraphicsElement.cpp @@ -262,6 +262,7 @@ Optional SVGGraphicsElement::stroke_width() const return width.to_px(*layout_node(), scaled_viewport_size).to_double(); } +// https://svgwg.org/svg2-draft/types.html#__svg__SVGGraphicsElement__getBBox JS::NonnullGCPtr SVGGraphicsElement::get_b_box(Optional) { // FIXME: It should be possible to compute this without layout updates. The bounding box is within the @@ -272,7 +273,10 @@ JS::NonnullGCPtr SVGGraphicsElement::get_b_box(Optional screen space transform. - auto svg_element_rect = shadow_including_first_ancestor_of_type()->paintable_box()->absolute_rect(); + auto owner_svg_element = this->owner_svg_element(); + if (!owner_svg_element) + return Geometry::DOMRect::create(realm()); + auto svg_element_rect = owner_svg_element->paintable_box()->absolute_rect(); auto inverse_transform = static_cast(*paintable_box()).computed_transforms().svg_to_css_pixels_transform().inverse(); auto translated_rect = paintable_box()->absolute_rect().to_type().translated(-svg_element_rect.location().to_type()); if (inverse_transform.has_value())