Bug 234918 - REGRESSION(r285618): A crash may happen when calculating the color-interpolation of a referenced SVG filter
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Layout and Rendering
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Said Abou-Hallawa
URL:
Keywords: InRadar
Depends on:
Blocks: 231253
Reported: 2022-01-06 05:52 PST by Said Abou-Hallawa
Modified: 2022-01-06 12:05 PST
Attachments
Patch (5.03 KB, patch)
2022-01-06 06:10 PST, Said Abou-Hallawa
Patch (4.90 KB, patch)
2022-01-06 07:35 PST, Said Abou-Hallawa

Description Said Abou-Hallawa 2022-01-06 05:52:28 PST
When building a referenced SVGFilter, the color-interpolation property of the effect element is calculated. If the effect element does not have a renderer, we fall back to the computed style property value. If the filter is inside an <iframe> which has media queries, a Document::updateLayout() will be forced. Building the SVGFilter should not invoke an updateLayout() since this may not be safe and out of order.
Comment 1 Said Abou-Hallawa 2022-01-06 05:53:16 PST
rdar://86928631
Comment 2 Said Abou-Hallawa 2022-01-06 06:10:41 PST
Created attachment 448492
Patch
Comment 3 Said Abou-Hallawa 2022-01-06 07:35:22 PST
Created attachment 448499
Patch
Comment 4 EWS 2022-01-06 12:05:54 PST
Committed r287710 (245795@main): <https://commits.webkit.org/245795@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 448499.