Bug 37176

Summary:

Canvas: radialGradient with negative radius should throw exception

Product:

WebKit

Reporter:

George Staikos <staikos>

Component:

Layout and Rendering

Assignee:

George Staikos <staikos>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

abarth, ap, darin, dbates, eric, jamesr, kling, krit, oliver, webkit.review.bot

Priority:

Version:

528+ (Nightly build)

Hardware:

OS:

OS X 10.5

Attachments:

Description	Flags
Patch to fix the problem, with tests.	none
Self Contained Test	none
Patch	none
Patch	darin: review+

George Staikos

Reported 2010-04-06 16:08:01 PDT

Created attachment 52677 [details] Patch to fix the problem, with tests. Canvas specification says that negative radius for radial gradients should trigger INDEX_SIZE_ERR DOM exception. Credit to Dan Bates for the test.

Attachments
Patch to fix the problem, with tests. (4.82 KB, patch) 2010-04-06 16:08 PDT, George Staikos	no flags	Details Formatted Diff Diff
Self Contained Test (1.53 KB, text/html) 2010-04-06 23:54 PDT, Daniel Bates	no flags	Details
Patch (5.94 KB, patch) 2010-09-23 17:49 PDT, James Robinson	no flags	Details Formatted Diff Diff
Patch (7.23 KB, patch) 2010-10-13 18:11 PDT, James Robinson	darin: review+	Details Formatted Diff Diff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.

Eric Seidel (no email)

Comment 1 2010-04-06 20:59:49 PDT

Comment on attachment 52677 [details] Patch to fix the problem, with tests. OK. Sounds sane. Lets hope this doesn't break the web.

Oliver Hunt

Comment 2 2010-04-06 22:30:08 PDT

Test firefox -- i'm fairly sure someone tried this before and it caused site breakage (although one would expect a test to have been added if we changed that behaviour, right?)

Eric Seidel (no email)

Comment 3 2010-04-06 23:46:05 PDT

Attachment 52677 [details] was posted by a committer and has review+, assigning to George Staikos for commit.

Daniel Bates

Comment 4 2010-04-06 23:54:48 PDT

Created attachment 52707 [details] Self Contained Test For convenience, a self-contained version of the layout test included in the patch.

George Staikos

Comment 5 2010-04-07 17:45:32 PDT

(In reply to comment #2) > Test firefox -- i'm fairly sure someone tried this before and it caused site > breakage (although one would expect a test to have been added if we changed > that behaviour, right?) Yes, and also I kind of wonder how this could break a site, nevermind an important one. Negative radius on a gradient??

Eric Seidel (no email)

Comment 6 2010-05-17 00:40:53 PDT

Unsure of the status of this patch. It's been in pending-commit for over a month. Updates?

Dirk Schulze

Comment 7 2010-05-24 11:38:38 PDT

I agree to olliver. I think it's not good to apply this patch. Some sites use negative radius, and this would break this sites. I remember a site which draws meolcules that were dragable. I also opened a bug report on mozilla https://bugzilla.mozilla.org/show_bug.cgi?id=491150 . Someone added a patch to this br and it is still not accepted. I would wait for mozilla before we take the patch.

Dirk Schulze

Comment 8 2010-05-24 12:06:47 PDT

*** Bug 24668 has been marked as a duplicate of this bug. ***

Andreas Kling

Comment 9 2010-06-10 01:27:34 PDT

*** Bug 40392 has been marked as a duplicate of this bug. ***

Eric Seidel (no email)

Comment 10 2010-09-02 13:51:09 PDT

Comment on attachment 52677 [details] Patch to fix the problem, with tests. r- until firefox agreement. What does IE9 do?

James Robinson

Comment 11 2010-09-22 18:14:29 PDT

*** Bug 46323 has been marked as a duplicate of this bug. ***

James Robinson

Comment 12 2010-09-23 17:49:35 PDT

Created attachment 68633 [details] Patch

James Robinson

Comment 13 2010-09-23 17:50:40 PDT

The spec, Opera, and IE9 beta all agree that this should throw. It's also consistent with our behavior for arc() and arcTo() with a negative radius. The canvas molecule demo cited in the mozilla bug isn't available at that URL any more, so I doubt there is any valid concern about legacy content.

Andreas Kling

Comment 14 2010-09-28 13:07:44 PDT

(In reply to comment #13) > The spec, Opera, and IE9 beta all agree that this should throw. It's also consistent with our behavior for arc() and arcTo() with a negative radius. The canvas molecule demo cited in the mozilla bug isn't available at that URL any more, so I doubt there is any valid concern about legacy content. LGTM, but I'd like someone who's more familiar with this kind of change to give the kiss of death.

Dirk Schulze

Comment 15 2010-10-13 02:00:38 PDT

Comment on attachment 68633 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=68633&action=review r=me > WebCore/html/canvas/CanvasRenderingContext2D.cpp:1458 > + if (r0 < 0 || r1 < 0) { > + ec = INDEX_SIZE_ERR; > + return 0; > + } Add a newline before and after the condition.

Darin Adler

Comment 16 2010-10-13 09:40:07 PDT

Comment on attachment 68633 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=68633&action=review > WebCore/html/canvas/CanvasRenderingContext2D.cpp:1461 > PassRefPtr<CanvasGradient> gradient = CanvasGradient::create(FloatPoint(x0, y0), r0, FloatPoint(x1, y1), r1); > prepareGradientForDashboard(gradient.get()); > return gradient; This is a misuse of PassRefPtr.

Dirk Schulze

Comment 17 2010-10-13 09:45:15 PDT

(In reply to comment #16) > (From update of attachment 68633 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=68633&action=review > > > WebCore/html/canvas/CanvasRenderingContext2D.cpp:1461 > > PassRefPtr<CanvasGradient> gradient = CanvasGradient::create(FloatPoint(x0, y0), r0, FloatPoint(x1, y1), r1); > > prepareGradientForDashboard(gradient.get()); > > return gradient; > > This is a misuse of PassRefPtr. Oh, thats right! James can you fix this as well?

Dirk Schulze

Comment 18 2010-10-13 09:48:26 PDT

(In reply to comment #17) > (In reply to comment #16) > > (From update of attachment 68633 [details] [details]) > > View in context: https://bugs.webkit.org/attachment.cgi?id=68633&action=review > > > > > WebCore/html/canvas/CanvasRenderingContext2D.cpp:1461 > > > PassRefPtr<CanvasGradient> gradient = CanvasGradient::create(FloatPoint(x0, y0), r0, FloatPoint(x1, y1), r1); > > > prepareGradientForDashboard(gradient.get()); > > > return gradient; > > > > This is a misuse of PassRefPtr. > > Oh, thats right! James can you fix this as well? The same for linerGradient, should be RefPtr<CanvasGradient>

James Robinson

Comment 19 2010-10-13 12:30:44 PDT

Sure thing. I'll add the extra newlines, fix the PassRefPtr<> violations in this file and post a new patch. Thanks for looking.

James Robinson

Comment 20 2010-10-13 18:11:58 PDT

Created attachment 70697 [details] Patch

James Robinson

Comment 21 2010-10-13 18:12:29 PDT

Patch adds some whitespace and fixes all the misuses of PassRefPtr / RefPtr I could find in this .cpp. Mind taking another look?

James Robinson

Comment 22 2010-10-13 19:13:23 PDT

Committed r69727: <http://trac.webkit.org/changeset/69727>

WebKit Review Bot

Comment 23 2010-10-13 21:32:48 PDT

http://trac.webkit.org/changeset/69727 might have broken GTK Linux 64-bit Debug The following tests are not passing: canvas/philip/tests/2d.gradient.radial.negative.html editing/selection/context-menu-on-text.html

Note You need to log in before you can comment on or make changes to this bug.