Bug 234918

Summary: REGRESSION(r285618): A crash may happen when calculating the color-interpolation of a referenced SVG filter
Product: WebKit Reporter: Said Abou-Hallawa <sabouhallawa>
Component: Layout and RenderingAssignee: Said Abou-Hallawa <sabouhallawa>
Status: RESOLVED FIXED    
Severity: Normal CC: bfulgham, dino, ews-watchlist, fmalita, gyuyoung.kim, kondapallykalyan, pdr, schenney, sergio, simon.fraser, webkit-bug-importer, zalan
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=232469
Bug Depends on:    
Bug Blocks: 231253    
Attachments:
Description Flags
Patch
none
Patch none

Said Abou-Hallawa
Reported 2022-01-06 05:52:28 PST
When building a referenced SVGFilter, the color-interpolation property of the effect element is calculated. If the effect element does not have a renderer, we fallback to the computed style property value. If the filter is inside an <iframe> which has media queries, a Document::updateLayout() will be forced. Building the SVGFilter should not invoke an updateLayout() since this may not be safe and out of order.
Attachments
Patch (5.03 KB, patch)
2022-01-06 06:10 PST, Said Abou-Hallawa 		no flags
DetailsFormatted DiffDiff
Patch (4.90 KB, patch)
2022-01-06 07:35 PST, Said Abou-Hallawa 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Said Abou-Hallawa
Comment 1 2022-01-06 05:53:16 PST
rdar://86928631
Said Abou-Hallawa
Comment 2 2022-01-06 06:10:41 PST
Created attachment 448492 [details] Patch
Said Abou-Hallawa
Comment 3 2022-01-06 07:35:22 PST
Created attachment 448499 [details] Patch
EWS
Comment 4 2022-01-06 12:05:54 PST
Committed r287710 (245795@main): <https://commits.webkit.org/245795@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 448499 [details].
Note You need to log in before you can comment on or make changes to this bug.