Bug 234918

Summary: REGRESSION(r285618): A crash may happen when calculating the color-interpolation of a referenced SVG filter
Product: WebKit
Reporter: Said Abou-Hallawa <sabouhallawa>
Component: Layout and Rendering
Assignee: Said Abou-Hallawa <sabouhallawa>
Status: RESOLVED FIXED
Severity: Normal
CC: bfulgham, dino, ews-watchlist, fmalita, gyuyoung.kim, kondapallykalyan, pdr, schenney, sergio, simon.fraser, webkit-bug-importer, zalan
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
See Also: https://bugs.webkit.org/show_bug.cgi?id=232469
Bug Depends on: (none)
Bug Blocks: 231253
Attachments:
Patch (flags: none)
Patch (flags: none)

Description Said Abou-Hallawa 2022-01-06 05:52:28 PST
When building a referenced SVGFilter, the color-interpolation property of the effect element is calculated. If the effect element does not have a renderer, we fall back to the computed style property value. If the filter is inside an <iframe> which has media queries, a Document::updateLayout() will be forced. Building the SVGFilter should not invoke an updateLayout(), since this may not be safe and may happen out of order.
Comment 1 Said Abou-Hallawa 2022-01-06 05:53:16 PST
rdar://86928631
Comment 2 Said Abou-Hallawa 2022-01-06 06:10:41 PST
Created attachment 448492 [details]
Patch
Comment 3 Said Abou-Hallawa 2022-01-06 07:35:22 PST
Created attachment 448499 [details]
Patch
Comment 4 EWS 2022-01-06 12:05:54 PST
Committed r287710 (245795@main): <https://commits.webkit.org/245795@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 448499 [details].