Bug 263349 (CVE-2023-42883) - Deeply nested SVG patterns can take long time to invalidate the target element
Summary: Deeply nested SVG patterns can take long time to invalidate the target element
Status: RESOLVED FIXED
Alias: CVE-2023-42883
Product: WebKit
Classification: Unclassified
Component: SVG
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Said Abou-Hallawa
Keywords: InRadar
Duplicates: 263341
Reported: 2023-10-18 17:18 PDT by Said Abou-Hallawa
Modified: 2023-12-14 07:47 PST

Attachments
Test case (will hang for 3-4 minutes) (2.11 KB, text/html)
2023-10-18 17:18 PDT, Said Abou-Hallawa

Description Said Abou-Hallawa 2023-10-18 17:18:58 PDT
Created attachment 468272
Test case (will hang for 3-4 minutes)

Open the attached test case.

Result: WebKit takes 3-4 minutes to show the page.
Expected: The page is updated in reasonable time.

NOTE: This test page uses a deeply nested pattern to fill an ellipse. When a <rect> is added to the deepest nested pattern, it causes 10^9 invalidations. This is due to the pattern rect elements' nesting relationship.

NOTE: This can be fixed by marking the invalidated renderers as visited so they can be skipped if they are revisited.
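
The effect of the visited marking proposed above, as an added example that is not WebKit's code or the attached test case: a simplified dependency graph counts renderer visits for one invalidation pass, with and without skipping renderers already invalidated in that pass. The `Graph` layout, the function names and the depth and fan-out values are assumptions made for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>
// Simplified model (an assumption, not WebKit's renderer classes): node i is a
// renderer and graph[i] lists the renderers that get invalidated after it.
using Graph = std::vector<std::vector<int>>;

// Node 0 is the deepest pattern. Each enclosing pattern holds `fanout` rects
// filled with the pattern one level down; the outermost fills one target.
Graph buildNestedPatterns(int depth, int fanout) {
    Graph graph;
    auto addNode = [&]() -> int { graph.emplace_back(); return int(graph.size()) - 1; };
    int inner = addNode();
    for (int k = 1; k < depth; ++k) {
        int outer = addNode();
        for (int j = 0; j < fanout; ++j) {
            int rect = addNode();
            graph[inner].push_back(rect);  // pattern change dirties each rect using it
            graph[rect].push_back(outer);  // rect change dirties its enclosing pattern
        }
        inner = outer;
    }
    int target = addNode();
    graph[inner].push_back(target);
    return graph;
}

// Counts renderer visits for one invalidation pass. With markVisited set, a
// renderer already invalidated in this pass is skipped when reached again.
uint64_t invalidate(const Graph& graph, int node, bool markVisited, std::vector<bool>& visited) {
    if (markVisited) {
        if (visited[node]) return 0;
        visited[node] = true;
    }
    uint64_t visits = 1;
    for (int next : graph[node])
        visits += invalidate(graph, next, markVisited, visited);
    return visits;
}

uint64_t countInvalidations(int depth, int fanout, bool markVisited) {
    Graph graph = buildNestedPatterns(depth, fanout);
    std::vector<bool> visited(graph.size(), false);
    return invalidate(graph, 0, markVisited, visited);  // start at the deepest pattern
}

int main() {
    for (bool marked : {false, true})
        std::printf("%s: %llu visits\n", marked ? "marked" : "naive", (unsigned long long)countInvalidations(7, 10, marked));
}
```

Without marking, the visit count grows by a factor of `fanout` per nesting level; with marking it equals the number of renderers in the graph.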
Comment 1 Said Abou-Hallawa 2023-10-18 17:20:31 PDT
Pull request: https://github.com/WebKit/WebKit/pull/19260
Comment 2 Said Abou-Hallawa 2023-10-18 17:21:40 PDT
*** Bug 263341 has been marked as a duplicate of this bug. ***
Comment 3 Said Abou-Hallawa 2023-10-18 17:23:00 PDT
<rdar://problem/116532387>
Comment 4 EWS 2023-10-19 05:17:15 PDT
Committed 269516@main (00f03d987c0c): <https://commits.webkit.org/269516@main>

Reviewed commits have been landed. Closing PR #19260 and removing active labels.
Comment 5 Said Abou-Hallawa 2023-10-23 16:02:09 PDT
Re-opening for pull request https://github.com/apple/WebKit/pull/866
Comment 6 EWS 2023-10-24 10:30:25 PDT
Committed 267815.402@safari-7617-branch (46e35d6223f3): <https://commits.webkit.org/267815.402@safari-7617-branch>

Reviewed commits have been landed. Closing PR #866 and removing active labels.
Comment 7 Said Abou-Hallawa 2023-11-03 18:10:53 PDT
Re-opening for pull request https://github.com/apple/WebKit/pull/913