Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 00f03d987c0cec7d2821e3d1086bdf15dc807c0d
https://github.com/WebKit/WebKit/commit/00f03d987c0cec7d2821e3d1086bdf15dc807c0d
Author: Said Abou-Hallawa <[email protected]>
Date: 2023-10-19 (Thu, 19 Oct 2023)
Changed paths:
A LayoutTests/svg/custom/pattern-nested-reference-expected.txt
A LayoutTests/svg/custom/pattern-nested-reference.html
M Source/WebCore/rendering/svg/RenderSVGResource.cpp
M Source/WebCore/rendering/svg/RenderSVGResource.h
M Source/WebCore/rendering/svg/RenderSVGResourceFilter.cpp
M Source/WebCore/rendering/svg/RenderSVGResourceFilter.h
M Source/WebCore/rendering/svg/RenderSVGResourceGradient.cpp
M Source/WebCore/rendering/svg/RenderSVGResourceGradient.h
M Source/WebCore/rendering/svg/RenderSVGResourceMarker.cpp
M Source/WebCore/rendering/svg/RenderSVGResourceMarker.h
M Source/WebCore/rendering/svg/RenderSVGResourceMasker.cpp
M Source/WebCore/rendering/svg/RenderSVGResourceMasker.h
M Source/WebCore/rendering/svg/RenderSVGResourcePattern.cpp
M Source/WebCore/rendering/svg/RenderSVGResourcePattern.h
M Source/WebCore/rendering/svg/RenderSVGResourceSolidColor.h
M Source/WebCore/rendering/svg/legacy/LegacyRenderSVGResourceClipper.cpp
M Source/WebCore/rendering/svg/legacy/LegacyRenderSVGResourceClipper.h
M Source/WebCore/rendering/svg/legacy/LegacyRenderSVGResourceContainer.cpp
M Source/WebCore/rendering/svg/legacy/LegacyRenderSVGResourceContainer.h
Log Message:
-----------
Deeply nested SVG patterns can take a long time to invalidate the target element
https://bugs.webkit.org/show_bug.cgi?id=263349
(rdar://116532387)

Reviewed by Simon Fraser.

The resource's clients invalidation does not take into account the visited renderers.
With nested SVG resources this invalidation can have an exponential complexity.
This leads to DoS since loading the SVG or modifying its resources can take
minutes to finish.

Skipping the visited renderers while invalidating the resource's clients should
fix this problem. The complexity of the invalidation will be linear in this
case.

* LayoutTests/svg/custom/pattern-nested-reference-expected.txt: Added.
* LayoutTests/svg/custom/pattern-nested-reference.html: Added.
* Source/WebCore/rendering/svg/RenderSVGResource.cpp:
(WebCore::RenderSVGResource::removeAllClientsFromCache):
(WebCore::removeFromCacheAndInvalidateDependencies):
(WebCore::RenderSVGResource::markForLayoutAndParentResourceInvalidation):
(WebCore::RenderSVGResource::markForLayoutAndParentResourceInvalidationIfNeeded):
* Source/WebCore/rendering/svg/RenderSVGResource.h:
* Source/WebCore/rendering/svg/RenderSVGResourceFilter.cpp:
(WebCore::RenderSVGResourceFilter::removeAllClientsFromCacheIfNeeded):
(WebCore::RenderSVGResourceFilter::removeAllClientsFromCache): Deleted.
* Source/WebCore/rendering/svg/RenderSVGResourceFilter.h:
* Source/WebCore/rendering/svg/RenderSVGResourceGradient.cpp:
(WebCore::RenderSVGResourceGradient::removeAllClientsFromCacheIfNeeded):
(WebCore::RenderSVGResourceGradient::removeAllClientsFromCache): Deleted.
* Source/WebCore/rendering/svg/RenderSVGResourceGradient.h:
* Source/WebCore/rendering/svg/RenderSVGResourceMarker.cpp:
(WebCore::RenderSVGResourceMarker::removeAllClientsFromCacheIfNeeded):
(WebCore::RenderSVGResourceMarker::removeAllClientsFromCache): Deleted.
* Source/WebCore/rendering/svg/RenderSVGResourceMarker.h:
* Source/WebCore/rendering/svg/RenderSVGResourceMasker.cpp:
(WebCore::RenderSVGResourceMasker::removeAllClientsFromCacheIfNeeded):
(WebCore::RenderSVGResourceMasker::removeAllClientsFromCache): Deleted.
* Source/WebCore/rendering/svg/RenderSVGResourceMasker.h:
* Source/WebCore/rendering/svg/RenderSVGResourcePattern.cpp:
(WebCore::RenderSVGResourcePattern::removeAllClientsFromCacheIfNeeded):
(WebCore::RenderSVGResourcePattern::removeAllClientsFromCache): Deleted.
* Source/WebCore/rendering/svg/RenderSVGResourcePattern.h:
* Source/WebCore/rendering/svg/RenderSVGResourceSolidColor.h:
* Source/WebCore/rendering/svg/legacy/LegacyRenderSVGResourceClipper.cpp:
(WebCore::LegacyRenderSVGResourceClipper::removeAllClientsFromCacheIfNeeded):
(WebCore::LegacyRenderSVGResourceClipper::removeAllClientsFromCache): Deleted.
* Source/WebCore/rendering/svg/legacy/LegacyRenderSVGResourceClipper.h:
* Source/WebCore/rendering/svg/legacy/LegacyRenderSVGResourceContainer.cpp:
(WebCore::LegacyRenderSVGResourceContainer::markAllClientsForInvalidation):
(WebCore::LegacyRenderSVGResourceContainer::markAllClientsForInvalidationIfNeeded):
* Source/WebCore/rendering/svg/legacy/LegacyRenderSVGResourceContainer.h:
Canonical link: https://commits.webkit.org/269516@main
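
The complexity argument in the log message, as an added example that is not WebKit code and not part of the commit: a simplified model in which each resource records, per client, the enclosing resource that must be invalidated next. `ResourceGraph`, `makeNestedPatterns`, `invalidateNaive` and `invalidateOnce` are hypothetical names, and the nested-pattern input is constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <unordered_set>
#include <vector>

// Hypothetical model, not WebCore types: graph[r] holds one entry per client
// of resource r, naming the resource that contains that client.
using ResourceGraph = std::vector<std::vector<size_t>>;

// Constructed input: `depth` nested patterns, where pattern i is referenced
// by `fanout` shapes that all live inside pattern i - 1.
ResourceGraph makeNestedPatterns(size_t depth, size_t fanout)
{
    ResourceGraph graph(depth);
    for (size_t i = 1; i < depth; ++i)
        graph[i].assign(fanout, i - 1);
    return graph;
}

// Before: every client re-invalidates its enclosing resource, even when
// another client already did. Work grows as fanout^depth.
uint64_t invalidateNaive(const ResourceGraph& graph, size_t resource)
{
    uint64_t work = 1;
    for (size_t parent : graph[resource])
        work += invalidateNaive(graph, parent);
    return work;
}

// After: one visited set shared by the whole walk skips resources that were
// already invalidated, so each resource is processed once.
uint64_t invalidateOnce(const ResourceGraph& graph, size_t resource, std::unordered_set<size_t>& visited)
{
    if (!visited.insert(resource).second)
        return 0;
    uint64_t work = 1;
    for (size_t parent : graph[resource])
        work += invalidateOnce(graph, parent, visited);
    return work;
}

int main()
{
    ResourceGraph graph = makeNestedPatterns(20, 2);
    std::unordered_set<size_t> visited;
    std::printf("naive:   %llu\n", (unsigned long long)invalidateNaive(graph, 19));
    std::printf("visited: %llu\n", (unsigned long long)invalidateOnce(graph, 19, visited));
    return 0;
}
```

With 20 levels and two references per level the naive walk does about a million invalidations against 20 with the visited set; each extra level doubles the naive count.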