RESOLVED FIXED Bug 234918
REGRESSION(r285618): A crash may happen when calculating the color-interpolation of a referenced SVG filter 
https://bugs.webkit.org/show_bug.cgi?id=234918
Summary REGRESSION(r285618): A crash may happen when calculating the color-interpolat...
Said Abou-Hallawa
Reported 2022-01-06 05:52:28 PST
When building a referenced SVGFilter, the color-interpolation property of the effect element is calculated. If the effect element does not have a renderer, we fallback to the computed style property value. If the filter is inside an <iframe> which has media queries, a Document::updateLayout() will be forced. Building the SVGFilter should not invoke an updateLayout() since this may not be safe and out of order.
Attachments
Patch (5.03 KB, patch)
2022-01-06 06:10 PST, Said Abou-Hallawa 		no flags
DetailsFormatted DiffDiff
Patch (4.90 KB, patch)
2022-01-06 07:35 PST, Said Abou-Hallawa 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Said Abou-Hallawa
Comment 1 2022-01-06 05:53:16 PST
rdar://86928631
Said Abou-Hallawa
Comment 2 2022-01-06 06:10:41 PST
Created attachment 448492 [details] Patch
Said Abou-Hallawa
Comment 3 2022-01-06 07:35:22 PST
Created attachment 448499 [details] Patch
EWS
Comment 4 2022-01-06 12:05:54 PST
Committed r287710 (245795@main): <https://commits.webkit.org/245795@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 448499 [details].
Note You need to log in before you can comment on or make changes to this bug.