Title: [191403] trunk
Revision
191403
Author
d...@apple.com
Date
2015-10-21 14:45:26 -0700 (Wed, 21 Oct 2015)

Log Message

Null dereference loading Blink layout test svg/filters/display-none-filter-primitive.html
https://bugs.webkit.org/show_bug.cgi?id=150212
<rdar://problem/23137376>

Reviewed by Brent Fulgham.

Source/WebCore:

Handle the case where a filter element doesn't have a renderer. Inspired by the Blink
commit:
https://chromium.googlesource.com/chromium/src.git/+/fb79f7fc46552d45127acd2959a23662ad8f271e

Test: svg/filters/display-none-filter-primitive.html

* rendering/svg/RenderSVGResourceFilter.cpp:
(WebCore::RenderSVGResourceFilter::buildPrimitives):
* svg/graphics/filters/SVGFilterBuilder.cpp:
(WebCore::SVGFilterBuilder::appendEffectToEffectReferences):

LayoutTests:

* svg/filters/display-none-filter-primitive-expected.txt: Added.
* svg/filters/display-none-filter-primitive.html: Added.

Modified Paths

Added Paths

Diff

Modified: trunk/LayoutTests/ChangeLog (191402 => 191403)


--- trunk/LayoutTests/ChangeLog	2015-10-21 21:26:41 UTC (rev 191402)
+++ trunk/LayoutTests/ChangeLog	2015-10-21 21:45:26 UTC (rev 191403)
@@ -1,3 +1,14 @@
+2015-10-21  Dean Jackson  <d...@apple.com>
+
+        Null dereference loading Blink layout test svg/filters/display-none-filter-primitive.html
+        https://bugs.webkit.org/show_bug.cgi?id=150212
+        <rdar://problem/23137376>
+
+        Reviewed by Brent Fulgham.
+
+        * svg/filters/display-none-filter-primitive-expected.txt: Added.
+        * svg/filters/display-none-filter-primitive.html: Added.
+
 2015-10-21  Brady Eidson  <beid...@apple.com>
 
         Modern IDB: Add basic transaction aborting.

Added: trunk/LayoutTests/svg/filters/display-none-filter-primitive-expected.txt (0 => 191403)


--- trunk/LayoutTests/svg/filters/display-none-filter-primitive-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/svg/filters/display-none-filter-primitive-expected.txt	2015-10-21 21:45:26 UTC (rev 191403)
@@ -0,0 +1 @@
+PASS if no crash
Property changes on: trunk/LayoutTests/svg/filters/display-none-filter-primitive-expected.txt
___________________________________________________________________

Added: svn:mime-type

Added: svn:keywords

Added: svn:eol-style

Added: trunk/LayoutTests/svg/filters/display-none-filter-primitive.html (0 => 191403)


--- trunk/LayoutTests/svg/filters/display-none-filter-primitive.html	                        (rev 0)
+++ trunk/LayoutTests/svg/filters/display-none-filter-primitive.html	2015-10-21 21:45:26 UTC (rev 191403)
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<svg>
+  <filter id="f">
+    <feMerge style="display: none">
+      <feMergeNode/>
+    </feMerge>
+    <feDiffuseLighting/>
+  </filter>
+  <rect filter="url(#f)" width="100" height="100"/>
+</svg>
+<p>PASS if no crash</p>
+<script>
+if (window.testRunner)
+  testRunner.dumpAsText();
+</script>
\ No newline at end of file
Property changes on: trunk/LayoutTests/svg/filters/display-none-filter-primitive.html
___________________________________________________________________

Added: svn:mime-type

Added: svn:keywords

Added: svn:eol-style

Modified: trunk/Source/WebCore/ChangeLog (191402 => 191403)


--- trunk/Source/WebCore/ChangeLog	2015-10-21 21:26:41 UTC (rev 191402)
+++ trunk/Source/WebCore/ChangeLog	2015-10-21 21:45:26 UTC (rev 191403)
@@ -1,3 +1,22 @@
+2015-10-21  Dean Jackson  <d...@apple.com>
+
+        Null dereference loading Blink layout test svg/filters/display-none-filter-primitive.html
+        https://bugs.webkit.org/show_bug.cgi?id=150212
+        <rdar://problem/23137376>
+
+        Reviewed by Brent Fulgham.
+
+        Handle the case where a filter element doesn't have a renderer. Inspired by the Blink
+        commit:
+        https://chromium.googlesource.com/chromium/src.git/+/fb79f7fc46552d45127acd2959a23662ad8f271e
+
+        Test: svg/filters/display-none-filter-primitive.html
+
+        * rendering/svg/RenderSVGResourceFilter.cpp:
+        (WebCore::RenderSVGResourceFilter::buildPrimitives):
+        * svg/graphics/filters/SVGFilterBuilder.cpp:
+        (WebCore::SVGFilterBuilder::appendEffectToEffectReferences):
+
 2015-10-21  Brady Eidson  <beid...@apple.com>
 
         Modern IDB: Add basic transaction aborting.

Modified: trunk/Source/WebCore/rendering/svg/RenderSVGResourceFilter.cpp (191402 => 191403)


--- trunk/Source/WebCore/rendering/svg/RenderSVGResourceFilter.cpp	2015-10-21 21:26:41 UTC (rev 191402)
+++ trunk/Source/WebCore/rendering/svg/RenderSVGResourceFilter.cpp	2015-10-21 21:45:26 UTC (rev 191403)
@@ -90,7 +90,8 @@
         builder->appendEffectToEffectReferences(effect.copyRef(), element.renderer());
         element.setStandardAttributes(effect.get());
         effect->setEffectBoundaries(SVGLengthContext::resolveRectangle<SVGFilterPrimitiveStandardAttributes>(&element, filterElement().primitiveUnits(), targetBoundingBox));
-        effect->setOperatingColorSpace(element.renderer()->style().svgStyle().colorInterpolationFilters() == CI_LINEARRGB ? ColorSpaceLinearRGB : ColorSpaceDeviceRGB);
+        if (element.renderer())
+            effect->setOperatingColorSpace(element.renderer()->style().svgStyle().colorInterpolationFilters() == CI_LINEARRGB ? ColorSpaceLinearRGB : ColorSpaceDeviceRGB);
         builder->add(element.result(), WTF::move(effect));
     }
     return builder;
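Review bot: When `element.renderer()` is null the new `if` skips `setOperatingColorSpace` entirely, so the effect keeps whatever colour space it was constructed with, and nothing at this site says that is intended. A comment above the check would record it, for example `// No renderer (e.g. display: none): there is no style to read, so the effect keeps its default operating color space.` The renderer is also fetched three times in this loop body; reading it once with `auto* renderer = element.renderer();` and using that local for the `appendEffectToEffectReferences` argument, the check and the dereference ties the null test visibly to the pointer being used. buildPrimitives starts above this hunk, so any other renderer dereference earlier in the loop is not visible here and should get the same check.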

Modified: trunk/Source/WebCore/svg/graphics/filters/SVGFilterBuilder.cpp (191402 => 191403)


--- trunk/Source/WebCore/svg/graphics/filters/SVGFilterBuilder.cpp	2015-10-21 21:26:41 UTC (rev 191402)
+++ trunk/Source/WebCore/svg/graphics/filters/SVGFilterBuilder.cpp	2015-10-21 21:45:26 UTC (rev 191403)
@@ -66,7 +66,7 @@
 {
     // The effect must be a newly created filter effect.
     ASSERT(!m_effectReferences.contains(effect));
-    ASSERT(object && !m_effectRenderer.contains(object));
+    ASSERT(!object || !m_effectRenderer.contains(object));
     m_effectReferences.add(effect, FilterEffectSet());
 
     unsigned numberOfInputEffects = effect->inputEffects().size();
@@ -74,7 +74,12 @@
     // It is not possible to add the same value to a set twice.
     for (unsigned i = 0; i < numberOfInputEffects; ++i)
         effectReferences(effect->inputEffect(i)).add(effect.get());
-    m_effectRenderer.add(object, effect.get());
+
+    // If object is null, that means the element isn't attached for some
+    // reason, which in turn mean that certain types of invalidation will not
+    // work (the LayoutObject -> FilterEffect mapping will not be defined).
+    if (object)
+        m_effectRenderer.add(object, effect.get());
 }
 
 void SVGFilterBuilder::clearEffects()
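Review bot: The new comment before `if (object)` refers to a "LayoutObject -> FilterEffect mapping", which is Blink's terminology; in this file the map is `m_effectRenderer`, keyed by the renderer passed in, so the comment would read better as `// If object is null the element has no renderer, so no entry is added to m_effectRenderer and invalidation that looks an effect up by renderer will not find this one.` The relaxed `ASSERT(!object || ...)` in the preceding hunk makes null a valid argument, but that contract is stated only inside the body; the parameter's declaration, which is outside this diff, should say it may be null. The code that reads `m_effectRenderer` is not visible here, so it is worth confirming that those lookups tolerate a missing entry. The added layout test only loads the document, so the invalidation case the comment describes is not exercised.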