Bad cast under CachedResourceLoader::preload()

https://bugs.webkit.org/show_bug.cgi?id=268405 rdar://121745788 Reviewed by Brent Fulgham. In CachedResourceLoader::preload() we were calling requestResource(type) to get a resource. Then if the type we requested was `FontResource`, we assumed the the CachedResource returned was a CachedFont and would cast to that type. However, this cast ends up being incorrect in some cases. I suspect this could happen when requesting resources with the same URL but different types. To address the issue, we now check the actual type of the returned CachedResource before casting it. * Source/WebCore/loader/cache/CachedResourceLoader.cpp: (WebCore::CachedResourceLoader::preload): Originally-landed-as: 272448.421@safari-7618-branch (25c1145). rdar://124554524 Canonical link: https://commits.webkit.org/276162@main
WebKit · Mar 15, 2024 · b160146 · b160146
1 parent a6406e4
commit b160146
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/Source/WebCore/loader/cache/CachedResourceLoader.cpp b/Source/WebCore/loader/cache/CachedResourceLoader.cpp
@@ -1681,8 +1681,8 @@ ResourceErrorOr<CachedResourceHandle<CachedResource>> CachedResourceLoader::prel
     if (resource && (!m_preloads || !m_preloads->contains(*resource.value().get()))) {
         CachedResourceHandle resourceValue = resource.value();
         // Fonts need special treatment since just creating the resource doesn't trigger a load.
-        if (type == CachedResource::Type::FontResource)
-            downcast<CachedFont>(resourceValue.get())->beginLoadIfNeeded(*this);
+        if (CachedResourceHandle cachedFont = dynamicDowncast<CachedFont>(resourceValue.get()))
+            cachedFont->beginLoadIfNeeded(*this);
         resourceValue->increasePreloadCount();
 
         if (!m_preloads)