Bug 75711

Summary: Huge filter area cause hangs and malloc failures
Product: WebKit Reporter: epoger
Component: CSSAssignee: Simon Fraser (smfr) <simon.fraser>
Status: RESOLVED FIXED    
Severity: Major CC: cmarrin, dino, simon.fraser
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch dino: review+

epoger
Reported 2012-01-06 09:33:57 PST
[split off of http://crbug.com/108782 ('Aw, Snap! when adding CSS3 filter effects on a div tag')]
Attachments
Patch (7.21 KB, patch)
2012-01-13 17:59 PST, Simon Fraser (smfr) 		dino: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Simon Fraser (smfr)
Comment 1 2012-01-06 09:54:11 PST
Got a testcase? Some stupid cookie issue is preventing me from seeing the crbug.
epoger
Comment 2 2012-01-06 10:05:34 PST
Here is the initial report. Can you maybe visit the original bug using an Incognito Window? Chrome Version: 18.0.986.0 (Official Build 115854) canary OS: Mac OS X 10.7.2 Crash ID: no crash reported in chrome://crashes URL (if applicable) where crash occurred: http://updates.html5rocks.com/2011/12/CSS-Filter-Effects-Landing-in-WebKit Can you reproduce this crash? Yes What steps will reproduce this crash (or if it's not reproducible, what were you doing just before the crash)? 1. Open DevTools 2. Select <div id="wrap"> node 3. Add a css rule in the element.style pane: -webkit-filter: grayscale(0); 4. Aw, Snap! Console Log: Google Chrome Helper(668,0xac74c2c0) malloc: *** mmap(size=1966014464) failed (error code=12) *** error: can't allocate region *** set a breakpoint in malloc_error_break to debug [668:519:717682482340:ERROR:process_util_mac.mm(553)] Terminating process due to a potential for future heap corruption
Simon Fraser (smfr)
Comment 3 2012-01-06 11:47:07 PST
The huge layer is because .dsq-toolbar-icon has text-indent: -9999em with no overflow:hidden, so the site is asking for it.
Simon Fraser (smfr)
Comment 4 2012-01-09 11:13:41 PST
I think transparencyClipBox() could intersect with the clip rect.
Simon Fraser (smfr)
Comment 5 2012-01-13 17:59:53 PST
Created attachment 122525 [details] Patch
Dean Jackson
Comment 6 2012-01-16 14:07:13 PST
Comment on attachment 122525 [details] Patch I wonder if we should add some way to debug/display a filter chain in DRT or LayoutTestController?
Simon Fraser (smfr)
Comment 7 2012-01-16 14:37:35 PST
http://trac.webkit.org/changeset/105092
Note You need to log in before you can comment on or make changes to this bug.