263349 – (CVE-2023-42883) Deeply nested SVG patterns can take log time to invalidate the target element

RESOLVED FIXED 263349

CVE-2023-42883 Deeply nested SVG patterns can take log time to invalidate the target element

https://bugs.webkit.org/show_bug.cgi?id=263349

Summary Deeply nested SVG patterns can take log time to invalidate the target element

Said Abou-Hallawa

Reported 2023-10-18 17:18:58 PDT

Created attachment 468272 [details] est case (will hang for 3-4 minutes) Open the attached test case. Result: WebKit takes 3-4 minutes to show the page. Expected: The page is updated in reasonable time. NOTE: This test page uses a deeply nested pattern to fill an ellipse. When a <rect> is added to the deepest nested pattern, it causes 10^9 invalidation. This is due to pattern rect elements nesting relationship. NOTE: This can be fixed by marking the invalidated renderers as visited so they can be skipped if they are revisited.

Attachments
est case (will hang for 3-4 minutes) (2.11 KB, text/html) 2023-10-18 17:18 PDT, Said Abou-Hallawa	no flags	Details
View All Add attachment proposed patch, testcase, etc.

Said Abou-Hallawa

Comment 1 2023-10-18 17:20:31 PDT

Pull request: https://github.com/WebKit/WebKit/pull/19260

Said Abou-Hallawa

Comment 2 2023-10-18 17:21:40 PDT

*** Bug 263341 has been marked as a duplicate of this bug. ***

Said Abou-Hallawa

Comment 3 2023-10-18 17:23:00 PDT

<rdar://problem/116532387>

EWS

Comment 4 2023-10-19 05:17:15 PDT

Committed 269516@main (00f03d987c0c): <https://commits.webkit.org/269516@main> Reviewed commits have been landed. Closing PR #19260 and removing active labels.

Said Abou-Hallawa

Comment 5 2023-10-23 16:02:09 PDT

Re-opening for pull request https://github.com/apple/WebKit/pull/866

EWS

Comment 6 2023-10-24 10:30:25 PDT

Committed 267815.402@safari-7617-branch (46e35d6223f3): <https://commits.webkit.org/267815.402@safari-7617-branch> Reviewed commits have been landed. Closing PR #866 and removing active labels.

Said Abou-Hallawa

Comment 7 2023-11-03 18:10:53 PDT

Re-opening for pull request https://github.com/apple/WebKit/pull/913

Michael Catanzaro

Comment 8 2024-10-17 13:52:10 PDT

https://commits.webkit.org/269516@main

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component SVG

Assignee

Said Abou-Hallawa

Reported

2023-10-18 17:18 PDT

Modified

2024-10-17 13:52 PDT History

CC List

4 users Show

URL

Keywords InRadar

Duplicates (1)

263341 View as bug list

Depends on

Blocks