Title: [248743] branches/safari-608-branch
- Revision
- 248743
- Author
- alanc...@apple.com
- Date
- 2019-08-15 13:49:56 -0700 (Thu, 15 Aug 2019)
Log Message
Cherry-pick r248722. rdar://problem/54360866
Negative size box with border radius causes hang under WebCore::approximateAsRegion
https://bugs.webkit.org/show_bug.cgi?id=200769
<rdar://problem/53380674>
Reviewed by Alex Christensen.
Source/WebCore:
If a box's width or height computes negative the rounded border rect will also be negative.
This caused near-infinite loop during rounded border region approximation.
Test: fast/css/border-radius-negative-size.html
* platform/graphics/RoundedRect.cpp:
(WebCore::approximateAsRegion):
Bail out if the region is empty (which includes negative sizes).
For safety also limit the number of rectangles we generate for corner arc approximation.
LayoutTests:
* fast/css/border-radius-negative-size-expected.txt: Added.
* fast/css/border-radius-negative-size.html: Added.
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248722 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Modified Paths
Added Paths
Diff
Modified: branches/safari-608-branch/LayoutTests/ChangeLog (248742 => 248743)
--- branches/safari-608-branch/LayoutTests/ChangeLog 2019-08-15 20:49:52 UTC (rev 248742)
+++ branches/safari-608-branch/LayoutTests/ChangeLog 2019-08-15 20:49:56 UTC (rev 248743)
@@ -1,5 +1,47 @@
2019-08-15 Alan Coon <alanc...@apple.com>
+ Cherry-pick r248722. rdar://problem/54360866
+
+ Negative size box with border radius causes hang under WebCore::approximateAsRegion
+ https://bugs.webkit.org/show_bug.cgi?id=200769
+ <rdar://problem/53380674>
+
+ Reviewed by Alex Christensen.
+
+ Source/WebCore:
+
+ If a box's width or height computes negative the rounded border rect will also be negative.
+ This caused near-infinite loop during rounded border region approximation.
+
+ Test: fast/css/border-radius-negative-size.html
+
+ * platform/graphics/RoundedRect.cpp:
+ (WebCore::approximateAsRegion):
+
+ Bail out if the region is empty (which includes negative sizes).
+ For safety also limit the number of rectangles we generate for corner arc approximation.
+
+ LayoutTests:
+
+ * fast/css/border-radius-negative-size-expected.txt: Added.
+ * fast/css/border-radius-negative-size.html: Added.
+
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248722 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2019-08-15 Antti Koivisto <an...@apple.com>
+
+ Negative size box with border radius causes hang under WebCore::approximateAsRegion
+ https://bugs.webkit.org/show_bug.cgi?id=200769
+ <rdar://problem/53380674>
+
+ Reviewed by Alex Christensen.
+
+ * fast/css/border-radius-negative-size-expected.txt: Added.
+ * fast/css/border-radius-negative-size.html: Added.
+
+2019-08-15 Alan Coon <alanc...@apple.com>
+
Cherry-pick r248662. rdar://problem/54333792
[iPadOS] slides.google.com: Cannot dismiss the context menu by tapping on the canvas
Added: branches/safari-608-branch/LayoutTests/fast/css/border-radius-negative-size-expected.txt (0 => 248743)
--- branches/safari-608-branch/LayoutTests/fast/css/border-radius-negative-size-expected.txt (rev 0)
+++ branches/safari-608-branch/LayoutTests/fast/css/border-radius-negative-size-expected.txt 2019-08-15 20:49:56 UTC (rev 248743)
@@ -0,0 +1 @@
+This test passes if it doesn't hang.
Added: branches/safari-608-branch/LayoutTests/fast/css/border-radius-negative-size.html (0 => 248743)
--- branches/safari-608-branch/LayoutTests/fast/css/border-radius-negative-size.html (rev 0)
+++ branches/safari-608-branch/LayoutTests/fast/css/border-radius-negative-size.html 2019-08-15 20:49:56 UTC (rev 248743)
@@ -0,0 +1,28 @@
+<script>
+if (window.testRunner)
+ testRunner.dumpAsText();
+</script>
+<style>
+.test {
+ position: absolute;
+ box-sizing: border-box;
+ left: 0px;
+ right: 0px;
+ margin-left: 200px;
+ border-radius: 10px;
+ border: 2px solid red;
+ height: 10px;
+}
+.container {
+ position: relative;
+ width: 100px;
+ height: 100px;
+ border: 2px solid blue;
+ will-change:transform;
+}
+</style>
+<div class="container">
+<div class="test">
+This test passes if it doesn't hang.
+</div>
+</div>
Modified: branches/safari-608-branch/Source/WebCore/ChangeLog (248742 => 248743)
--- branches/safari-608-branch/Source/WebCore/ChangeLog 2019-08-15 20:49:52 UTC (rev 248742)
+++ branches/safari-608-branch/Source/WebCore/ChangeLog 2019-08-15 20:49:56 UTC (rev 248743)
@@ -1,5 +1,55 @@
2019-08-15 Alan Coon <alanc...@apple.com>
+ Cherry-pick r248722. rdar://problem/54360866
+
+ Negative size box with border radius causes hang under WebCore::approximateAsRegion
+ https://bugs.webkit.org/show_bug.cgi?id=200769
+ <rdar://problem/53380674>
+
+ Reviewed by Alex Christensen.
+
+ Source/WebCore:
+
+ If a box's width or height computes negative the rounded border rect will also be negative.
+ This caused near-infinite loop during rounded border region approximation.
+
+ Test: fast/css/border-radius-negative-size.html
+
+ * platform/graphics/RoundedRect.cpp:
+ (WebCore::approximateAsRegion):
+
+ Bail out if the region is empty (which includes negative sizes).
+ For safety also limit the number of rectangles we generate for corner arc approximation.
+
+ LayoutTests:
+
+ * fast/css/border-radius-negative-size-expected.txt: Added.
+ * fast/css/border-radius-negative-size.html: Added.
+
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248722 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2019-08-15 Antti Koivisto <an...@apple.com>
+
+ Negative size box with border radius causes hang under WebCore::approximateAsRegion
+ https://bugs.webkit.org/show_bug.cgi?id=200769
+ <rdar://problem/53380674>
+
+ Reviewed by Alex Christensen.
+
+ If a box's width or height computes negative the rounded border rect will also be negative.
+ This caused near-infinite loop during rounded border region approximation.
+
+ Test: fast/css/border-radius-negative-size.html
+
+ * platform/graphics/RoundedRect.cpp:
+ (WebCore::approximateAsRegion):
+
+ Bail out if the region is empty (which includes negative sizes).
+ For safety also limit the number of rectangles we generate for corner arc approximation.
+
+2019-08-15 Alan Coon <alanc...@apple.com>
+
Cherry-pick r248648. rdar://problem/54333931
Focus rings are black
Modified: branches/safari-608-branch/Source/WebCore/platform/graphics/RoundedRect.cpp (248742 => 248743)
--- branches/safari-608-branch/Source/WebCore/platform/graphics/RoundedRect.cpp 2019-08-15 20:49:52 UTC (rev 248742)
+++ branches/safari-608-branch/Source/WebCore/platform/graphics/RoundedRect.cpp 2019-08-15 20:49:56 UTC (rev 248743)
@@ -310,6 +310,9 @@
{
Region region;
+ if (roundedRect.isEmpty())
+ return region;
+
auto& rect = roundedRect.rect();
region.unite(enclosingIntRect(rect));
@@ -332,6 +335,9 @@
auto arcLengthFactor = roundToInt(std::min(axes.width(), axes.height()));
auto count = (arcLengthFactor + (stepLength / 2)) / stepLength;
+ constexpr auto maximumCount = 20u;
+ count = std::min(maximumCount, count);
+
for (auto i = 0u; i < count; ++i) {
auto angle = fromAngle + (i + 1) * (toAngle - fromAngle) / (count + 1);
auto ellipsisPoint = LayoutPoint { axes.width() * cos(angle), axes.height() * sin(angle) };
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
