Title: [191403] trunk
Revision: 191403
Author: d...@apple.com
Date: 2015-10-21 14:45:26 -0700 (Wed, 21 Oct 2015)
Log Message
Null dereference loading Blink layout test svg/filters/display-none-filter-primitive.html
https://bugs.webkit.org/show_bug.cgi?id=150212
<rdar://problem/23137376>
Reviewed by Brent Fulgham.
Source/WebCore:
Handle the case where a filter element doesn't have a renderer. Inspired by the Blink
commit:
https://chromium.googlesource.com/chromium/src.git/+/fb79f7fc46552d45127acd2959a23662ad8f271e
Test: svg/filters/display-none-filter-primitive.html
* rendering/svg/RenderSVGResourceFilter.cpp:
(WebCore::RenderSVGResourceFilter::buildPrimitives):
* svg/graphics/filters/SVGFilterBuilder.cpp:
(WebCore::SVGFilterBuilder::appendEffectToEffectReferences):
LayoutTests:
* svg/filters/display-none-filter-primitive-expected.txt: Added.
* svg/filters/display-none-filter-primitive.html: Added.
Diff
Modified: trunk/LayoutTests/ChangeLog (191402 => 191403)
--- trunk/LayoutTests/ChangeLog 2015-10-21 21:26:41 UTC (rev 191402)
+++ trunk/LayoutTests/ChangeLog 2015-10-21 21:45:26 UTC (rev 191403)
@@ -1,3 +1,14 @@
+2015-10-21 Dean Jackson <d...@apple.com>
+
+ Null dereference loading Blink layout test svg/filters/display-none-filter-primitive.html
+ https://bugs.webkit.org/show_bug.cgi?id=150212
+ <rdar://problem/23137376>
+
+ Reviewed by Brent Fulgham.
+
+ * svg/filters/display-none-filter-primitive-expected.txt: Added.
+ * svg/filters/display-none-filter-primitive.html: Added.
+
2015-10-21 Brady Eidson <beid...@apple.com>
Modern IDB: Add basic transaction aborting.
Added: trunk/LayoutTests/svg/filters/display-none-filter-primitive-expected.txt (0 => 191403)
--- trunk/LayoutTests/svg/filters/display-none-filter-primitive-expected.txt (rev 0)
+++ trunk/LayoutTests/svg/filters/display-none-filter-primitive-expected.txt 2015-10-21 21:45:26 UTC (rev 191403)
@@ -0,0 +1 @@
+PASS if no crash
Property changes on: trunk/LayoutTests/svg/filters/display-none-filter-primitive-expected.txt
___________________________________________________________________
Added: svn:mime-type
Added: svn:keywords
Added: svn:eol-style
Added: trunk/LayoutTests/svg/filters/display-none-filter-primitive.html (0 => 191403)
--- trunk/LayoutTests/svg/filters/display-none-filter-primitive.html (rev 0)
+++ trunk/LayoutTests/svg/filters/display-none-filter-primitive.html 2015-10-21 21:45:26 UTC (rev 191403)
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<svg>
+ <filter id="f">
+ <feMerge style="display: none">
+ <feMergeNode/>
+ </feMerge>
+ <feDiffuseLighting/>
+ </filter>
+ <rect filter="url(#f)" width="100" height="100"/>
+</svg>
+<p>PASS if no crash</p>
+<script>
+if (window.testRunner)
+ testRunner.dumpAsText();
+</script>
\ No newline at end of file
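Review bot: the test built around `<feMerge style="display: none">` only exercises the initial load with a renderer-less primitive, while the comment added in SVGFilterBuilder.cpp says that certain types of invalidation will not work for such a primitive. Consider a second case that changes an attribute on the `display: none` primitive after load, so the path without a renderer-to-effect mapping is also covered by a "no crash" check. Minor: the file ends without a trailing newline.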
Property changes on: trunk/LayoutTests/svg/filters/display-none-filter-primitive.html
___________________________________________________________________
Added: svn:mime-type
Added: svn:keywords
Added: svn:eol-style
Modified: trunk/Source/WebCore/ChangeLog (191402 => 191403)
--- trunk/Source/WebCore/ChangeLog 2015-10-21 21:26:41 UTC (rev 191402)
+++ trunk/Source/WebCore/ChangeLog 2015-10-21 21:45:26 UTC (rev 191403)
@@ -1,3 +1,22 @@
+2015-10-21 Dean Jackson <d...@apple.com>
+
+ Null dereference loading Blink layout test svg/filters/display-none-filter-primitive.html
+ https://bugs.webkit.org/show_bug.cgi?id=150212
+ <rdar://problem/23137376>
+
+ Reviewed by Brent Fulgham.
+
+ Handle the case where a filter element doesn't have a renderer. Inspired by the Blink
+ commit:
+ https://chromium.googlesource.com/chromium/src.git/+/fb79f7fc46552d45127acd2959a23662ad8f271e
+
+ Test: svg/filters/display-none-filter-primitive.html
+
+ * rendering/svg/RenderSVGResourceFilter.cpp:
+ (WebCore::RenderSVGResourceFilter::buildPrimitives):
+ * svg/graphics/filters/SVGFilterBuilder.cpp:
+ (WebCore::SVGFilterBuilder::appendEffectToEffectReferences):
+
2015-10-21 Brady Eidson <beid...@apple.com>
Modern IDB: Add basic transaction aborting.
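Review bot: the two function entries at the end of this ChangeLog entry, `(WebCore::RenderSVGResourceFilter::buildPrimitives):` and `(WebCore::SVGFilterBuilder::appendEffectToEffectReferences):`, carry no per-function description. It would help later readers to say under each what changed: that buildPrimitives skips setOperatingColorSpace when the element has no renderer, and that appendEffectToEffectReferences now accepts a null object and does not record it in m_effectRenderer.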
Modified: trunk/Source/WebCore/rendering/svg/RenderSVGResourceFilter.cpp (191402 => 191403)
--- trunk/Source/WebCore/rendering/svg/RenderSVGResourceFilter.cpp 2015-10-21 21:26:41 UTC (rev 191402)
+++ trunk/Source/WebCore/rendering/svg/RenderSVGResourceFilter.cpp 2015-10-21 21:45:26 UTC (rev 191403)
@@ -90,7 +90,8 @@
builder->appendEffectToEffectReferences(effect.copyRef(), element.renderer());
element.setStandardAttributes(effect.get());
effect->setEffectBoundaries(SVGLengthContext::resolveRectangle<SVGFilterPrimitiveStandardAttributes>(&element, filterElement().primitiveUnits(), targetBoundingBox));
- effect->setOperatingColorSpace(element.renderer()->style().svgStyle().colorInterpolationFilters() == CI_LINEARRGB ? ColorSpaceLinearRGB : ColorSpaceDeviceRGB);
+ if (element.renderer())
+ effect->setOperatingColorSpace(element.renderer()->style().svgStyle().colorInterpolationFilters() == CI_LINEARRGB ? ColorSpaceLinearRGB : ColorSpaceDeviceRGB);
builder->add(element.result(), WTF::move(effect));
}
return builder;
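Review bot: with the new `if (element.renderer())` guard, an effect whose element has no renderer never gets setOperatingColorSpace called, so it keeps whatever colour space the effect was constructed with and any color-interpolation-filters value on that element is silently ignored. Please add a comment saying that this fallback is intended, or set an explicit default in an else branch. Also, element.renderer() is now called three times within these few lines; fetching it once into a local and using that for both appendEffectToEffectReferences and the guarded call would read more clearly.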
Modified: trunk/Source/WebCore/svg/graphics/filters/SVGFilterBuilder.cpp (191402 => 191403)
--- trunk/Source/WebCore/svg/graphics/filters/SVGFilterBuilder.cpp 2015-10-21 21:26:41 UTC (rev 191402)
+++ trunk/Source/WebCore/svg/graphics/filters/SVGFilterBuilder.cpp 2015-10-21 21:45:26 UTC (rev 191403)
@@ -66,7 +66,7 @@
{
// The effect must be a newly created filter effect.
ASSERT(!m_effectReferences.contains(effect));
- ASSERT(object && !m_effectRenderer.contains(object));
+ ASSERT(!object || !m_effectRenderer.contains(object));
m_effectReferences.add(effect, FilterEffectSet());
unsigned numberOfInputEffects = effect->inputEffects().size();
@@ -74,7 +74,12 @@
// It is not possible to add the same value to a set twice.
for (unsigned i = 0; i < numberOfInputEffects; ++i)
effectReferences(effect->inputEffect(i)).add(effect.get());
- m_effectRenderer.add(object, effect.get());
+
+ // If object is null, that means the element isn't attached for some
+ // reason, which in turn mean that certain types of invalidation will not
+ // work (the LayoutObject -> FilterEffect mapping will not be defined).
+ if (object)
+ m_effectRenderer.add(object, effect.get());
}
void SVGFilterBuilder::clearEffects()
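Review bot: the new comment above `if (object)` speaks of a "LayoutObject -> FilterEffect mapping", which is wording carried over from the Blink commit; here the map is m_effectRenderer and the argument comes from element.renderer(), so the comment should name the renderer instead. It also has a grammar slip ("which in turn mean" should be "means"). Since the earlier hunk relaxes the check to `ASSERT(!object || !m_effectRenderer.contains(object));`, consider moving this explanation up next to that ASSERT so the null-object contract is stated once at the top of the function.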