263349 CVE-2023-42883 2023-10-18 17:18:58 -0700 Deeply nested SVG patterns can take log time to invalidate the target element 2024-10-17 13:52:10 -0700 1 1 1 Unclassified WebKit SVG WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 sabouhallawa sabouhallawa mcatanzaro sabouhallawa webkit-bug-importer zimmermann oldest_to_newest 1986016 0 468272 sabouhallawa 2023-10-18 17:18:58 -0700 Created attachment 468272 est case (will hang for 3-4 minutes) Open the attached test case. Result: WebKit takes 3-4 minutes to show the page. Expected: The page is updated in reasonable time. NOTE: This test page uses a deeply nested pattern to fill an ellipse. When a <rect> is added to the deepest nested pattern, it causes 10^9 invalidation. This is due to pattern rect elements nesting relationship. NOTE: This can be fixed by marking the invalidated renderers as visited so they can be skipped if they are revisited. 1986018 1 sabouhallawa 2023-10-18 17:20:31 -0700 Pull request: https://github.com/WebKit/WebKit/pull/19260 1986020 2 sabouhallawa 2023-10-18 17:21:40 -0700 *** Bug 263341 has been marked as a duplicate of this bug. *** 1986021 3 sabouhallawa 2023-10-18 17:23:00 -0700 <rdar://problem/116532387> 1986129 4 ews-feeder 2023-10-19 05:17:15 -0700 Committed 269516@main (00f03d987c0c): <https://commits.webkit.org/269516@main> Reviewed commits have been landed. Closing PR #19260 and removing active labels. 1986993 5 sabouhallawa 2023-10-23 16:02:09 -0700 Re-opening for pull request https://github.com/apple/WebKit/pull/866 1987167 6 ews-feeder 2023-10-24 10:30:25 -0700 Committed 267815.402@safari-7617-branch (46e35d6223f3): <https://commits.webkit.org/267815.402@safari-7617-branch> Reviewed commits have been landed. Closing PR #866 and removing active labels. 1989869 7 sabouhallawa 2023-11-03 18:10:53 -0700 Re-opening for pull request https://github.com/apple/WebKit/pull/913 2068886 8 mcatanzaro 2024-10-17 13:52:10 -0700 https://commits.webkit.org/269516@main 468272 2023-10-18 17:18:58 -0700 2023-10-18 17:18:58 -0700 est case (will hang for 3-4 minutes) pattern-nested-reference.html text/html 2165 sabouhallawa PGJvZHk+CiAgICA8c3ZnIGlkPSJzdmciIHdpZHRoPSI2MDBweCIgaGVpZ2h0PSI0MDBweCI+CiAg ICAgICAgPGVsbGlwc2UgY3g9IjMwMCIgY3k9IjIwMCIgcng9IjI1MCIgcnk9IjE1MCIgZmlsbD0i dXJsKCN6KSIgc3Ryb2tlPSJibGFjayIgc3Ryb2tlLXdpZHRoPSIyIiAvPgogICAgPC9zdmc+CiAg ICA8c2NyaXB0PgogICAgICAgIGZ1bmN0aW9uIGNyZWF0ZVBhdHRlcm4ocGFyZW50LCBpZCwgZmls bFVSTCwgY29sb3JzKSB7CiAgICAgICAgICAgIHZhciBwYXR0ZXJuID0gZG9jdW1lbnQuY3JlYXRl RWxlbWVudE5TKCJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIsICJwYXR0ZXJuIik7CiAgICAg ICAgICAgIHBhcmVudC5hcHBlbmRDaGlsZChwYXR0ZXJuKTsKCiAgICAgICAgICAgIHBhdHRlcm4u c2V0QXR0cmlidXRlKCJpZCIsIGlkKTsKICAgICAgICAgICAgcGF0dGVybi5zZXRBdHRyaWJ1dGUo IngiLCAiMTAiKTsKICAgICAgICAgICAgcGF0dGVybi5zZXRBdHRyaWJ1dGUoInkiLCAiMTAiKTsK ICAgICAgICAgICAgcGF0dGVybi5zZXRBdHRyaWJ1dGUoIndpZHRoIiwgIjEwMCIpOwogICAgICAg ICAgICBwYXR0ZXJuLnNldEF0dHJpYnV0ZSgiaGVpZ2h0IiwgIjEwMCIpOwogICAgICAgICAgICBw YXR0ZXJuLnNldEF0dHJpYnV0ZSgicGF0dGVyblVuaXRzIiwgInVzZXJTcGFjZU9uVXNlIik7Cgog ICAgICAgICAgICBmb3IgKGkgaW4gY29sb3JzKSB7CiAgICAgICAgICAgICAgICB2YXIgcmVjdCA9 IGRvY3VtZW50LmNyZWF0ZUVsZW1lbnROUygiaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciLCAi cmVjdCIpOwogICAgICAgICAgICAgICAgcGF0dGVybi5hcHBlbmRDaGlsZChyZWN0KTsKCiAgICAg ICAgICAgICAgICByZWN0LnNldEF0dHJpYnV0ZSgieCIsIGkpOwogICAgICAgICAgICAgICAgcmVj dC5zZXRBdHRyaWJ1dGUoInkiLCBpKTsKICAgICAgICAgICAgICAgIHJlY3Quc2V0QXR0cmlidXRl KCJ3aWR0aCIsICIxMDAiKTsKICAgICAgICAgICAgICAgIHJlY3Quc2V0QXR0cmlidXRlKCJoZWln aHQiLCAiMTAwIik7CiAgICAgICAgICAgICAgICByZWN0LnNldEF0dHJpYnV0ZSgiZmlsbCIsIGZp bGxVUkwpOwogICAgICAgICAgICAgICAgcmVjdC5zZXRBdHRyaWJ1dGUoInN0cm9rZSIsIGNvbG9y c1tpXSk7CiAgICAgICAgICAgIH0KICAgICAgICB9CgogICAgICAgIGZ1bmN0aW9uIHNldHVwUGF0 dGVybnMoKSB7CiAgICAgICAgICAgIHZhciBzdmcgPSBkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgi c3ZnIik7CgogICAgICAgICAgICBjb25zdCBjb2xvcnMgPSBbCiAgICAgICAgICAgICAgICAiZ3Jl ZW4iLAogICAgICAgICAgICAgICAgImJyb3duIiwKICAgICAgICAgICAgICAgICJwaW5rIiwKICAg ICAgICAgICAgICAgICJncmV5IiwKICAgICAgICAgICAgICAgICJjeWFuIiwKICAgICAgICAgICAg ICAgICJncmVlbiIsCiAgICAgICAgICAgICAgICAiYnJvd24iLAogICAgICAgICAgICAgICAgInBp bmsiLAogICAgICAgICAgICAgICAgImdyZXkiLAogICAgICAgICAgICAgICAgImN5YW4iCiAgICAg ICAgICAgIF07CgogICAgICAgICAgICBjcmVhdGVQYXR0ZXJuKHN2ZywgInoiLCAidXJsKCNpKSIs IGNvbG9ycyk7CiAgICAgICAgICAgIGNyZWF0ZVBhdHRlcm4oc3ZnLCAiaSIsICJ1cmwoI2gpIiwg Y29sb3JzKTsKICAgICAgICAgICAgY3JlYXRlUGF0dGVybihzdmcsICJoIiwgInVybCgjZykiLCBj b2xvcnMpOwogICAgICAgICAgICBjcmVhdGVQYXR0ZXJuKHN2ZywgImciLCAidXJsKCNmKSIsIGNv bG9ycyk7CiAgICAgICAgICAgIGNyZWF0ZVBhdHRlcm4oc3ZnLCAiZiIsICJ1cmwoI2UpIiwgY29s b3JzKTsKICAgICAgICAgICAgY3JlYXRlUGF0dGVybihzdmcsICJlIiwgInVybCgjZCkiLCBjb2xv cnMpOwogICAgICAgICAgICBjcmVhdGVQYXR0ZXJuKHN2ZywgImQiLCAidXJsKCNjKSIsIGNvbG9y cyk7CiAgICAgICAgICAgIGNyZWF0ZVBhdHRlcm4oc3ZnLCAiYyIsICJ1cmwoI2IpIiwgY29sb3Jz KTsKICAgICAgICAgICAgY3JlYXRlUGF0dGVybihzdmcsICJiIiwgInVybCgjYSkiLCBjb2xvcnMp OwogICAgICAgICAgICBjcmVhdGVQYXR0ZXJuKHN2ZywgImEiLCAibm9uZSIsIGNvbG9ycyk7CiAg ICAgICAgfQoKICAgICAgICBzZXR1cFBhdHRlcm5zKCk7CiAgICA8L3NjcmlwdD4KPC9ib2R5Pgo=