Title: [286441] trunk
Revision: 286441
Author: [email protected]
Date: 2021-12-02 11:49:47 -0800 (Thu, 02 Dec 2021)

Log Message

Fix crash in GraphicsContextCG::endTransparencyLayer
https://bugs.webkit.org/show_bug.cgi?id=230230

Patch by Tim Nguyen <[email protected]> on 2021-12-02
Reviewed by Myles C. Maxfield.

Source/WebCore:

The crash was due to unbalanced calls to begin and end transparency layers.

A branch handling ancestors of transparent layers that are transform roots needed to be
aware of the top layer. Opacity on ancestors doesn't affect top layer elements, so calling
`beginTransparencyLayers` on `parent()` is incorrect.

Also fix `transparentPaintingAncestor()` to be top layer aware to avoid flickering layers
while scrolling.

Test: fast/layers/top-layer-ancestor-opacity-and-transform-crash.html

* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::transparentPaintingAncestor):
(WebCore::RenderLayer::paintLayerWithEffects):

LayoutTests:

* fast/layers/top-layer-ancestor-opacity-and-transform-crash-expected.txt: Added.
* fast/layers/top-layer-ancestor-opacity-and-transform-crash.html: Added.

Modified Paths

trunk/LayoutTests/ChangeLog
trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/rendering/RenderLayer.cpp

Added Paths

trunk/LayoutTests/fast/layers/top-layer-ancestor-opacity-and-transform-crash-expected.txt
trunk/LayoutTests/fast/layers/top-layer-ancestor-opacity-and-transform-crash.html

Diff

Modified: trunk/LayoutTests/ChangeLog (286440 => 286441)


--- trunk/LayoutTests/ChangeLog	2021-12-02 19:39:41 UTC (rev 286440)
+++ trunk/LayoutTests/ChangeLog	2021-12-02 19:49:47 UTC (rev 286441)
@@ -1,3 +1,13 @@
+2021-12-02  Tim Nguyen  <[email protected]>
+
+        Fix crash in GraphicsContextCG::endTransparencyLayer
+        https://bugs.webkit.org/show_bug.cgi?id=230230
+
+        Reviewed by Myles C. Maxfield.
+
+        * fast/layers/top-layer-ancestor-opacity-and-transform-crash-expected.txt: Added.
+        * fast/layers/top-layer-ancestor-opacity-and-transform-crash.html: Added.
+
 2021-12-02  Robert Jenner  <[email protected]>
 
         Unreviewed, reverting r285570.

Added: trunk/LayoutTests/fast/layers/top-layer-ancestor-opacity-and-transform-crash-expected.txt (0 => 286441)


--- trunk/LayoutTests/fast/layers/top-layer-ancestor-opacity-and-transform-crash-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/fast/layers/top-layer-ancestor-opacity-and-transform-crash-expected.txt	2021-12-02 19:49:47 UTC (rev 286441)
@@ -0,0 +1 @@
+PASS if this doesn't crash

Added: trunk/LayoutTests/fast/layers/top-layer-ancestor-opacity-and-transform-crash.html (0 => 286441)


--- trunk/LayoutTests/fast/layers/top-layer-ancestor-opacity-and-transform-crash.html	                        (rev 0)
+++ trunk/LayoutTests/fast/layers/top-layer-ancestor-opacity-and-transform-crash.html	2021-12-02 19:49:47 UTC (rev 286441)
@@ -0,0 +1,9 @@
+<style>
+* { opacity: 0.1; translate: 1px; }
+</style>
+<dialog>PASS if this doesn't crash</dialog>
+<script>
+    document.querySelector("dialog").showModal();
+    if (testRunner)
+        testRunner.dumpAsText();
+</script>
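Review bot: `if (testRunner)` on the line before `testRunner.dumpAsText()` throws a ReferenceError whenever the page is loaded outside the test harness, where `testRunner` is not defined, so the reproduction cannot be opened in a plain browser; the conventional guard is `if (window.testRunner)`, which yields undefined instead of throwing. A short comment on the `* { opacity: 0.1; translate: 1px; }` rule saying that the `translate` is what makes every element a transform root and the `opacity` what makes every ancestor transparent (the combination the ChangeLog names) would also keep a future editor from "simplifying" the rule and losing the repro.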

Modified: trunk/Source/WebCore/ChangeLog (286440 => 286441)


--- trunk/Source/WebCore/ChangeLog	2021-12-02 19:39:41 UTC (rev 286440)
+++ trunk/Source/WebCore/ChangeLog	2021-12-02 19:49:47 UTC (rev 286441)
@@ -1,3 +1,25 @@
+2021-12-02  Tim Nguyen  <[email protected]>
+
+        Fix crash in GraphicsContextCG::endTransparencyLayer
+        https://bugs.webkit.org/show_bug.cgi?id=230230
+
+        Reviewed by Myles C. Maxfield.
+
+        The crash was due to unbalanced calls to begin and end transparency layers.
+
+        A branch handling ancestors of transparent layers that are transform root needed to be
+        aware of the top layer. Opacity on ancestors don't affect top layer elements so calling
+        `beginTransparencyLayers` on `parent()` is incorrect.
+
+        Also fix `transparentPaintingAncestor()` to be top layer aware to avoid flickering layers
+        while scrolling.
+
+        Test: fast/layers/top-layer-ancestor-opacity-and-transform-crash.html
+
+        * rendering/RenderLayer.cpp:
+        (WebCore::RenderLayer::transparentPaintingAncestor):
+        (WebCore::RenderLayer::paintLayerWithEffects):
+
 2021-12-02  Robert Jenner  <[email protected]>
 
         Unreviewed, reverting r285570.

Modified: trunk/Source/WebCore/rendering/RenderLayer.cpp (286440 => 286441)


--- trunk/Source/WebCore/rendering/RenderLayer.cpp	2021-12-02 19:39:41 UTC (rev 286440)
+++ trunk/Source/WebCore/rendering/RenderLayer.cpp	2021-12-02 19:49:47 UTC (rev 286441)
@@ -2089,9 +2089,9 @@
     if (isComposited())
         return nullptr;
 
-    for (RenderLayer* curr = parent(); curr; curr = curr->parent()) {
+    for (RenderLayer* curr = stackingContext(); curr; curr = curr->stackingContext()) {
         if (curr->isComposited())
-            return nullptr;
+            break;
         if (curr->isTransparent())
             return curr;
     }
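Review bot: replacing `return nullptr;` with `break;` on the `curr->isComposited()` path only preserves behaviour if the statement immediately after the loop is `return nullptr;`, which lies outside the visible context; if it is, the explicit `return nullptr;` was clearer about the early exit, and if it is not, the composited-ancestor case now falls through to different code, so please confirm. The change from walking `parent()` to walking `stackingContext()` is the actual top-layer fix the ChangeLog describes, yet it carries no comment; a one-line note explaining why the stacking-context chain, unlike the layer-parent chain, skips the ancestors whose opacity does not apply to top layer elements would make the intent clear at the point of use.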
@@ -3061,7 +3061,8 @@
         // If we have a transparency layer enclosing us and we are the root of a transform, then we need to establish the transparency
         // layer from the parent now, assuming there is a parent
         if (paintFlags & PaintLayerFlag::HaveTransparency) {
-            if (parent())
+            // Top layer elements are not affected by ancestor opacities
+            if (!establishesTopLayer() && parent())
                 parent()->beginTransparencyLayers(context, paintingInfo, paintingInfo.paintDirtyRect);
             else
                 beginTransparencyLayers(context, paintingInfo, paintingInfo.paintDirtyRect);
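Review bot: the two comment lines above the `if (paintFlags & PaintLayerFlag::HaveTransparency)` check still say the transparency layer is established "from the parent now, assuming there is a parent", but after this change a top layer element that has a parent also takes the `else` branch and begins the layer on itself; update that comment together with the new `// Top layer elements are not affected by ancestor opacities` line so the two do not contradict each other. Because the crash in the title is an unbalanced begin/end pair, please also confirm that the matching end-transparency-layer path (not in this hunk) selects the layer with the same `!establishesTopLayer() && parent()` predicate; otherwise a layer begun here on `this` could be ended on `parent()`, reintroducing the imbalance.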
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes