Changeset 200283 in webkit

Timestamp:

Apr 29, 2016, 9:13:16 PM (10 years ago)

Author:

Simon Fraser

Message:

Blur filter escapes an enclosing overflow:hidden
​https://bugs.webkit.org/show_bug.cgi?id=155029

Reviewed by Zalan Bujtas.

Source/WebCore:

The clipping that was applied when drawing the results of filters was wrong for two reasons.

First, it used localPaintingInfo which has already been contaminated when setting up the filters.
When painting the result, we need to use the original paintingInfo, to get the right paintDirtyRect.

Secondly, when setting up the clip to paint the filter result, it was relying on layerFragments[0].backgroundRect.
However, that was also contaminated by filter setup, since calculateRects() intersects with paintDirtyRect to
compute that backgroundRect, and that paintDirtyRect came from filterPainter->repaintRect().

Fix this second issue by re-running collectFragments(), which computes a fragment backgroundRect using
the original paintDirtyRect.

Tests: css3/filters/blur-clipped-by-ancestor.html

css3/filters/blur-clipped-with-overflow.html
css3/filters/drop-shadow-with-overflow-hidden.html
css3/filters/drop-shadow.html

• platform/graphics/filters/FilterEffect.cpp:

(WebCore::FilterEffect::clearResult): Unconditionally null these out.

• rendering/FilterEffectRenderer.cpp:

(WebCore::FilterEffectRendererHelper::beginFilterEffect): Typo fix.

• rendering/FilterEffectRenderer.h:

(WebCore::FilterEffectRendererHelper::FilterEffectRendererHelper): C++11 initialization.

• rendering/RenderLayer.cpp:

(WebCore::RenderLayer::applyFilters):
(WebCore::RenderLayer::paintLayerContents):

• rendering/RenderLayer.h: const

LayoutTests:

• css3/filters/blur-clipped-by-ancestor-expected.html: Added.
• css3/filters/blur-clipped-by-ancestor.html: Added.
• css3/filters/blur-clipped-with-overflow-expected.html: Added.
• css3/filters/blur-clipped-with-overflow.html: Added.
• css3/filters/drop-shadow-expected.html: Added.
• css3/filters/drop-shadow-with-overflow-hidden-expected.html: Added.
• css3/filters/drop-shadow-with-overflow-hidden.html: Added.
• css3/filters/drop-shadow.html: Added.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/css3/filters/blur-clipped-by-ancestor-expected.html (added)
• LayoutTests/css3/filters/blur-clipped-by-ancestor.html (added)
• LayoutTests/css3/filters/blur-clipped-with-overflow-expected.html (added)
• LayoutTests/css3/filters/blur-clipped-with-overflow.html (added)
• LayoutTests/css3/filters/drop-shadow-expected.html (added)
• LayoutTests/css3/filters/drop-shadow-with-overflow-hidden-expected.html (added)
• LayoutTests/css3/filters/drop-shadow-with-overflow-hidden.html (added)
• LayoutTests/css3/filters/drop-shadow.html (added)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/platform/graphics/filters/FilterEffect.cpp (modified) (1 diff)
• Source/WebCore/rendering/FilterEffectRenderer.cpp (modified) (2 diffs)
• Source/WebCore/rendering/FilterEffectRenderer.h (modified) (3 diffs)
• Source/WebCore/rendering/RenderLayer.cpp (modified) (5 diffs)
• Source/WebCore/rendering/RenderLayer.h (modified) (1 diff)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2016-04-29  Simon Fraser  <simon.fraser@apple.com>
+
+        Blur filter escapes an enclosing overflow:hidden
+        https://bugs.webkit.org/show_bug.cgi?id=155029
+
+        Reviewed by Zalan Bujtas.
+
+        * css3/filters/blur-clipped-by-ancestor-expected.html: Added.
+        * css3/filters/blur-clipped-by-ancestor.html: Added.
+        * css3/filters/blur-clipped-with-overflow-expected.html: Added.
+        * css3/filters/blur-clipped-with-overflow.html: Added.
+        * css3/filters/drop-shadow-expected.html: Added.
+        * css3/filters/drop-shadow-with-overflow-hidden-expected.html: Added.
+        * css3/filters/drop-shadow-with-overflow-hidden.html: Added.
+        * css3/filters/drop-shadow.html: Added.
+
 2016-04-29  Myles C. Maxfield  <mmaxfield@apple.com>
 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2016-04-29  Simon Fraser  <simon.fraser@apple.com>
+
+        Blur filter escapes an enclosing overflow:hidden
+        https://bugs.webkit.org/show_bug.cgi?id=155029
+
+        Reviewed by Zalan Bujtas.
+
+        The clipping that was applied when drawing the results of filters was wrong for two reasons.
+
+        First, it used localPaintingInfo which has already been contaminated when setting up the filters.
+        When painting the result, we need to use the original paintingInfo, to get the right paintDirtyRect.
+
+        Secondly, when setting up the clip to paint the filter result, it was relying on layerFragments[0].backgroundRect.
+        However, that was also contaminated by filter setup, since calculateRects() intersects with paintDirtyRect to
+        compute that backgroundRect, and that paintDirtyRect came from filterPainter->repaintRect().
+        
+        Fix this second issue by re-running collectFragments(), which computes a fragment backgroundRect using
+        the original paintDirtyRect.
+
+        Tests: css3/filters/blur-clipped-by-ancestor.html
+               css3/filters/blur-clipped-with-overflow.html
+               css3/filters/drop-shadow-with-overflow-hidden.html
+               css3/filters/drop-shadow.html
+
+        * platform/graphics/filters/FilterEffect.cpp:
+        (WebCore::FilterEffect::clearResult): Unconditionally null these out.
+        * rendering/FilterEffectRenderer.cpp:
+        (WebCore::FilterEffectRendererHelper::beginFilterEffect): Typo fix.
+        * rendering/FilterEffectRenderer.h:
+        (WebCore::FilterEffectRendererHelper::FilterEffectRendererHelper): C++11 initialization.
+        * rendering/RenderLayer.cpp:
+        (WebCore::RenderLayer::applyFilters):
+        (WebCore::RenderLayer::paintLayerContents):
+        * rendering/RenderLayer.h: const
+
 2016-04-29  Myles C. Maxfield  <mmaxfield@apple.com>
 

trunk/Source/WebCore/platform/graphics/filters/FilterEffect.cpp

@@ -198 +198 @@
     if (m_imageBufferResult)
         m_imageBufferResult.reset();
-    if (m_unmultipliedImageResult)
-        m_unmultipliedImageResult = nullptr;
-    if (m_premultipliedImageResult)
-        m_premultipliedImageResult = nullptr;
+
+    m_unmultipliedImageResult = nullptr;
+    m_premultipliedImageResult = nullptr;
 }
 

trunk/Source/WebCore/rendering/FilterEffectRenderer.cpp

@@ -68 +68 @@
 FilterEffectRenderer::FilterEffectRenderer()
     : Filter(AffineTransform())
-    , m_graphicsBufferAttached(false)
-    , m_hasFilterThatMovesPixels(false)
 {
     setFilterResolution(FloatSize(1, 1));
@@ -408 +406 @@
     }
     
-    // Translate the context so that the contents of the layer is captuterd in the offscreen memory buffer.
+    // Translate the context so that the contents of the layer is captured in the offscreen memory buffer.
     sourceGraphicsContext->save();
     sourceGraphicsContext->translate(-m_paintOffset.x(), -m_paintOffset.y());

trunk/Source/WebCore/rendering/FilterEffectRenderer.h

@@ -59 +59 @@
 public:
     FilterEffectRendererHelper(bool haveFilterEffect)
-        : m_renderLayer(0)
-        , m_haveFilterEffect(haveFilterEffect)
-        , m_startedFilterEffect(false)
+        : m_haveFilterEffect(haveFilterEffect)
     {
     }
@@ -77 +75 @@
 
 private:
-    RenderLayer* m_renderLayer; // FIXME: this is mainly used to get the FilterEffectRenderer. FilterEffectRendererHelper should be weaned off it.
+    RenderLayer* m_renderLayer { nullptr }; // FIXME: this is mainly used to get the FilterEffectRenderer. FilterEffectRendererHelper should be weaned off it.
     LayoutPoint m_paintOffset;
     LayoutRect m_repaintRect;
-    bool m_haveFilterEffect;
-    bool m_startedFilterEffect;
+    bool m_haveFilterEffect { false };
+    bool m_startedFilterEffect { false };
 };
 
@@ -146 +144 @@
     IntRectExtent m_outsets;
 
-    bool m_graphicsBufferAttached;
-    bool m_hasFilterThatMovesPixels;
+    bool m_graphicsBufferAttached { false };
+    bool m_hasFilterThatMovesPixels { false };
 };
 

trunk/Source/WebCore/rendering/RenderLayer.cpp

@@ -4197 +4197 @@
 }
 
-void RenderLayer::applyFilters(FilterEffectRendererHelper* filterPainter, GraphicsContext& originalContext, LayerPaintingInfo& paintingInfo, LayerFragments& layerFragments)
+void RenderLayer::applyFilters(FilterEffectRendererHelper* filterPainter, GraphicsContext& originalContext, const LayerPaintingInfo& paintingInfo, const LayerFragments& layerFragments)
 {
     ASSERT(filterPainter->hasStartedFilterEffect());
-    // Apply the correct clipping (ie. overflow: hidden).
-    // FIXME: It is incorrect to just clip to the damageRect here once multiple fragments are involved.
+
+    // FIXME: Handle more than one fragment.
     ClipRect backgroundRect = layerFragments.isEmpty() ? ClipRect() : layerFragments[0].backgroundRect;
     clipToRect(paintingInfo, originalContext, backgroundRect);
@@ -4292 +4292 @@
         hasClipPath = setupClipPath(context, paintingInfo, columnAwareOffsetFromRoot, rootRelativeBounds, rootRelativeBoundsComputed);
 
-    LayerPaintingInfo localPaintingInfo(paintingInfo);
-
-    bool selectionAndBackgroundsOnly = localPaintingInfo.paintBehavior & PaintBehaviorSelectionAndBackgroundsOnly;
-    bool selectionOnly = localPaintingInfo.paintBehavior & PaintBehaviorSelectionOnly;
+    bool selectionAndBackgroundsOnly = paintingInfo.paintBehavior & PaintBehaviorSelectionAndBackgroundsOnly;
+    bool selectionOnly = paintingInfo.paintBehavior & PaintBehaviorSelectionOnly;
     LayerFragments layerFragments;
     RenderObject* subtreePaintRootForRenderer = nullptr;
 
-    { // Scope for currentContext.
+    { // Scope for filter-related state changes.
+        LayerPaintingInfo localPaintingInfo(paintingInfo);
         std::unique_ptr<FilterEffectRendererHelper> filterPainter = setupFilters(context, localPaintingInfo, paintFlags, columnAwareOffsetFromRoot, rootRelativeBounds, rootRelativeBoundsComputed);
 
@@ -4330 +4329 @@
             // fragment should paint. If the parent's filter dictates full repaint to ensure proper filter effect,
             // use the overflow clip as dirty rect, instead of no clipping. It maintains proper clipping for overflow::scroll.
-            if (!paintingInfo.clipToDirtyRect && renderer().hasOverflowClip()) {
+            if (!localPaintingInfo.clipToDirtyRect && renderer().hasOverflowClip()) {
                 // We can turn clipping back by requesting full repaint for the overflow area.
                 localPaintingInfo.clipToDirtyRect = true;
@@ -4382 +4381 @@
 
         if (filterContext) {
-            applyFilters(filterPainter.get(), context, localPaintingInfo, layerFragments);
+            // When we called collectFragments() last time, paintDirtyRect was reset to represent the filter bounds.
+            // Now we need to compute the backgroundRect uncontaminated by filters, in order to clip the filtered result.
+            // Note that we also use paintingInfo here, not localPaintingInfo which filters also contaminated.
+            LayerFragments layerFragments;
+            collectFragments(layerFragments, paintingInfo.rootLayer, paintingInfo.paintDirtyRect, ExcludeCompositedPaginatedLayers,
+                (localPaintFlags & PaintLayerTemporaryClipRects) ? TemporaryClipRects : PaintingClipRects, IgnoreOverlayScrollbarSize,
+                (isPaintingOverflowContents) ? IgnoreOverflowClip : RespectOverflowClip, offsetFromRoot);
+            updatePaintingInfoForFragments(layerFragments, paintingInfo, localPaintFlags, shouldPaintContent, offsetFromRoot);
+
+            applyFilters(filterPainter.get(), context, paintingInfo, layerFragments);
             filterPainter = nullptr;
         }
@@ -4390 +4398 @@
         if (shouldPaintMask(paintingInfo.paintBehavior, localPaintFlags)) {
             // Paint the mask for the fragments.
-            paintMaskForFragments(layerFragments, context, localPaintingInfo, subtreePaintRootForRenderer);
+            paintMaskForFragments(layerFragments, context, paintingInfo, subtreePaintRootForRenderer);
         }
 
         if (!(paintFlags & PaintLayerPaintingCompositingMaskPhase) && (paintFlags & PaintLayerPaintingCompositingClipPathPhase)) {
             // Re-use paintChildClippingMaskForFragments to paint black for the compositing clipping mask.
-            paintChildClippingMaskForFragments(layerFragments, context, localPaintingInfo, subtreePaintRootForRenderer);
+            paintChildClippingMaskForFragments(layerFragments, context, paintingInfo, subtreePaintRootForRenderer);
         }
         
         if ((localPaintFlags & PaintLayerPaintingChildClippingMaskPhase)) {
             // Paint the border radius mask for the fragments.
-            paintChildClippingMaskForFragments(layerFragments, context, localPaintingInfo, subtreePaintRootForRenderer);
+            paintChildClippingMaskForFragments(layerFragments, context, paintingInfo, subtreePaintRootForRenderer);
         }
     }

trunk/Source/WebCore/rendering/RenderLayer.h

@@ -787 +787 @@
     bool hasFilterThatIsPainting(GraphicsContext&, PaintLayerFlags) const;
     std::unique_ptr<FilterEffectRendererHelper> setupFilters(GraphicsContext&, LayerPaintingInfo&, PaintLayerFlags, const LayoutSize& offsetFromRoot, LayoutRect& rootRelativeBounds, bool& rootRelativeBoundsComputed);
-    void applyFilters(FilterEffectRendererHelper*, GraphicsContext& originalContext, LayerPaintingInfo&, LayerFragments&);
+    void applyFilters(FilterEffectRendererHelper*, GraphicsContext& originalContext, const LayerPaintingInfo&, const LayerFragments&);
 
     void paintLayer(GraphicsContext&, const LayerPaintingInfo&, PaintLayerFlags);