Bug 227624

Summary: REGRESSION (r278377): incorrect hit-testing with clip-path()
Product: WebKit Reporter: Antoine Quint <graouts>
Component: Layout and RenderingAssignee: zalan <zalan>
Status: RESOLVED FIXED    
Severity: Normal CC: bfulgham, changseok, christoph-wk, esprehn+autocc, ews-watchlist, fred.wang, glenn, kondapallykalyan, pdr, simon.fraser, webkit-bug-importer, zalan
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=226499
Attachments:
Description Flags
test
none
More self-explanatory, non-flex testcase
none
Another test reduction
none
Patch
none
Patch none

Description Antoine Quint 2021-07-02 07:00:01 PDT 
Created attachment 432788 [details]
test

The attached test case regressed with r278377 in that the cursor set via CSS on an element with a clip-path and a hierarchy of element with display: flex and clip-path above it fails to show the cursor.
Comment 1 Antoine Quint 2021-07-02 07:00:29 PDT 
<rdar://problem/79845896>
Comment 2 Antoine Quint 2021-07-02 07:12:14 PDT 
The test case shows the intermediate container is the one being hit-tested since the wait cursor is shown when hovering over the black rectangle.
Comment 3 Antoine Quint 2021-07-02 08:16:39 PDT 
We fail this check in Path::contains() under this call stack when consider the RenderLayer for the "leaf" element:

    if (!fastBoundingRect().contains(point))
        return false;

#0	0x000000073c986373 in WebCore::Path::contains(WebCore::FloatPoint const&, WebCore::WindRule) const at WebCore/platform/graphics/cg/PathCG.cpp:227
#1	0x000000073cdca823 in WebCore::RenderBox::hitTestClipPath(WebCore::HitTestLocation const&, WebCore::LayoutPoint const&) const at WebCore/rendering/RenderBox.cpp:1388
#2	0x000000073ceba871 in WebCore::RenderLayer::hitTestLayer(WebCore::RenderLayer*, WebCore::RenderLayer*, WebCore::HitTestRequest const&, WebCore::HitTestResult&, WebCore::LayoutRect const&, WebCore::HitTestLocation const&, bool, WebCore::HitTestingTransformState const*, double*) at WebCore/rendering/RenderLayer.cpp:4122

The provided point is indeed outside of the bounds and seems to be in page coordinates, or at least converted to the coordinates of this element.
Comment 4 Simon Fraser (smfr) 2021-07-02 11:00:30 PDT 
Created attachment 432805 [details]
More self-explanatory, non-flex testcase
Comment 5 zalan 2021-07-02 13:41:09 PDT 
Created attachment 432818 [details]
Another test reduction
Comment 6 zalan 2021-07-02 20:03:06 PDT 
Created attachment 432839 [details]
Patch
Comment 7 Simon Fraser (smfr) 2021-07-03 08:49:32 PDT 
Comment on attachment 432839 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=432839&action=review

> Source/WebCore/ChangeLog:13
> +        3. The clip-path instersecting takes coordinates relative to the containing block.

"instersecting"
Comment 8 zalan 2021-07-03 09:30:07 PDT 
Created attachment 432851 [details]
Patch
Comment 9 EWS 2021-07-03 10:27:54 PDT 
Committed r279544 (239380@main): <https://commits.webkit.org/239380@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 432851 [details].
Comment 10 Simon Fraser (smfr) 2021-07-24 22:08:24 PDT 
*** Bug 228262 has been marked as a duplicate of this bug. ***