Context Navigation

← Previous Changeset
Next Changeset →

Changeset 63300 in webkit

Timestamp:

Jul 14, 2010 2:39:25 AM (14 years ago)

Author:

Nikolas Zimmermann

Message:

2010-07-14 Nikolas Zimmermann <nzimmermann@rim.com>

Reviewed by Eric Seidel.

SVG patterns and masks should not be able to reference themselves
https://bugs.webkit.org/show_bug.cgi?id=32171

Don't apply pattern/mask resources, if they contain cyclic references. Gradients/Filters are not affected.
Clippers are already correcly handling this on their own, as well as markers (all which require subtle quirks, covered by existing tests).

Tests: svg/custom/recursive-filter.svg

svg/custom/recursive-gradient.svg
svg/custom/recursive-mask.svg
svg/custom/recursive-pattern.svg

rendering/RenderSVGResourceContainer.h: (WebCore::RenderSVGResourceContainer::RenderSVGResourceContainer): Stop using idForStyleResolution(), but use getIdAttribute(), no functional change though. (WebCore::RenderSVGResourceContainer::idChanged): Ditto. (WebCore::RenderSVGResourceContainer::childElementReferencesResource): To be implemented by classes inheriting from us. Defaults to false. (WebCore::RenderSVGResourceContainer::containsCyclicReference): Check whether this resource contains contains a child which references ourselves.
rendering/RenderSVGResourceMasker.cpp: (WebCore::RenderSVGResourceMasker::childElementReferencesResource): Check whether the masker child specifies mask=".." with the same URI than ourselves. (WebCore::RenderSVGResourceMasker::applyResource): Early exit if we contain a cylic reference.
rendering/RenderSVGResourceMasker.h:
rendering/RenderSVGResourcePattern.cpp: (WebCore::RenderSVGResourcePattern::childElementReferencesResource): Check whether the masker child specifies fill=".." with the same URI than ourselves. (WebCore::RenderSVGResourcePattern::applyResource): Early exit if we contain a cylic reference.
rendering/RenderSVGResourcePattern.h:
svg/SVGPaint.cpp: (WebCore::SVGPaint::matchesTargetURI): Add new helper function comparing a SVGPaint URI with a given reference id.
svg/SVGPaint.h:

2010-07-14 Nikolas Zimmermann <nzimmermann@rim.com>

Reviewed by Eric Seidel.

SVG patterns and masks should not be able to reference themselves
https://bugs.webkit.org/show_bug.cgi?id=32171

Add new layout tests covering recursion in pattern/mask/gradient/filter. Nothing crashing anymore.

platform/mac/svg/custom/recursive-filter-expected.checksum: Added.
platform/mac/svg/custom/recursive-filter-expected.png: Added.
platform/mac/svg/custom/recursive-filter-expected.txt: Added.
platform/mac/svg/custom/recursive-gradient-expected.checksum: Added.
platform/mac/svg/custom/recursive-gradient-expected.png: Added.
platform/mac/svg/custom/recursive-gradient-expected.txt: Added.
platform/mac/svg/custom/recursive-mask-expected.checksum: Added.
platform/mac/svg/custom/recursive-mask-expected.png: Added.
platform/mac/svg/custom/recursive-mask-expected.txt: Added.
platform/mac/svg/custom/recursive-pattern-expected.checksum: Added.
platform/mac/svg/custom/recursive-pattern-expected.png: Added.
platform/mac/svg/custom/recursive-pattern-expected.txt: Added.
svg/custom/recursive-filter.svg: Added.
svg/custom/recursive-gradient.svg: Added.
svg/custom/recursive-mask.svg: Added.
svg/custom/recursive-pattern.svg: Added.

Location:

trunk

Files:

: 16 added
: 9 edited

LayoutTests/ChangeLog (modified) (1 diff)
LayoutTests/platform/mac/svg/custom/recursive-filter-expected.checksum (added)
LayoutTests/platform/mac/svg/custom/recursive-filter-expected.png (added)
LayoutTests/platform/mac/svg/custom/recursive-filter-expected.txt (added)
LayoutTests/platform/mac/svg/custom/recursive-gradient-expected.checksum (added)
LayoutTests/platform/mac/svg/custom/recursive-gradient-expected.png (added)
LayoutTests/platform/mac/svg/custom/recursive-gradient-expected.txt (added)
LayoutTests/platform/mac/svg/custom/recursive-mask-expected.checksum (added)
LayoutTests/platform/mac/svg/custom/recursive-mask-expected.png (added)
LayoutTests/platform/mac/svg/custom/recursive-mask-expected.txt (added)
LayoutTests/platform/mac/svg/custom/recursive-pattern-expected.checksum (added)
LayoutTests/platform/mac/svg/custom/recursive-pattern-expected.png (added)
LayoutTests/platform/mac/svg/custom/recursive-pattern-expected.txt (added)
LayoutTests/svg/custom/recursive-filter.svg (added)
LayoutTests/svg/custom/recursive-gradient.svg (added)
LayoutTests/svg/custom/recursive-mask.svg (added)
LayoutTests/svg/custom/recursive-pattern.svg (added)
WebCore/ChangeLog (modified) (1 diff)
WebCore/rendering/RenderSVGResourceContainer.h (modified) (4 diffs)
WebCore/rendering/RenderSVGResourceMasker.cpp (modified) (2 diffs)
WebCore/rendering/RenderSVGResourceMasker.h (modified) (1 diff)
WebCore/rendering/RenderSVGResourcePattern.cpp (modified) (2 diffs)
WebCore/rendering/RenderSVGResourcePattern.h (modified) (1 diff)
WebCore/svg/SVGPaint.cpp (modified) (3 diffs)
WebCore/svg/SVGPaint.h (modified) (3 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/LayoutTests/ChangeLog

-                      r63298
+                      r63300
+-07-14  Nikolas Zimmermann  <nzimmermann@rim.com>
+        Reviewed by Eric Seidel.
+        SVG patterns and masks should not be able to reference themselves
+        https://bugs.webkit.org/show_bug.cgi?id=32171
+        Add new layout tests covering recursion in pattern/mask/gradient/filter. Nothing crashing anymore.
+        * platform/mac/svg/custom/recursive-filter-expected.checksum: Added.
+        * platform/mac/svg/custom/recursive-filter-expected.png: Added.
+        * platform/mac/svg/custom/recursive-filter-expected.txt: Added.
+        * platform/mac/svg/custom/recursive-gradient-expected.checksum: Added.
+        * platform/mac/svg/custom/recursive-gradient-expected.png: Added.
+        * platform/mac/svg/custom/recursive-gradient-expected.txt: Added.
+        * platform/mac/svg/custom/recursive-mask-expected.checksum: Added.
+        * platform/mac/svg/custom/recursive-mask-expected.png: Added.
+        * platform/mac/svg/custom/recursive-mask-expected.txt: Added.
+        * platform/mac/svg/custom/recursive-pattern-expected.checksum: Added.
+        * platform/mac/svg/custom/recursive-pattern-expected.png: Added.
+        * platform/mac/svg/custom/recursive-pattern-expected.txt: Added.
+        * svg/custom/recursive-filter.svg: Added.
+        * svg/custom/recursive-gradient.svg: Added.
+        * svg/custom/recursive-mask.svg: Added.
+        * svg/custom/recursive-pattern.svg: Added.
 -07-14  Yuta Kitamura  <yutak@chromium.org>

trunk/WebCore/ChangeLog

-                      r63291
+                      r63300
+-07-14  Nikolas Zimmermann  <nzimmermann@rim.com>
+        Reviewed by Eric Seidel.
+        SVG patterns and masks should not be able to reference themselves
+        https://bugs.webkit.org/show_bug.cgi?id=32171
+        Don't apply pattern/mask resources, if they contain cyclic references. Gradients/Filters are not affected.
+        Clippers are already correcly handling this on their own, as well as markers (all which require subtle quirks, covered by existing tests).
+        Tests: svg/custom/recursive-filter.svg
+               svg/custom/recursive-gradient.svg
+               svg/custom/recursive-mask.svg
+               svg/custom/recursive-pattern.svg
+        * rendering/RenderSVGResourceContainer.h:
+        (WebCore::RenderSVGResourceContainer::RenderSVGResourceContainer): Stop using idForStyleResolution(), but use getIdAttribute(), no functional change though.
+        (WebCore::RenderSVGResourceContainer::idChanged): Ditto.
+        (WebCore::RenderSVGResourceContainer::childElementReferencesResource): To be implemented by classes inheriting from us. Defaults to false.
+        (WebCore::RenderSVGResourceContainer::containsCyclicReference): Check whether this resource contains contains a child which references ourselves.
+        * rendering/RenderSVGResourceMasker.cpp:
+        (WebCore::RenderSVGResourceMasker::childElementReferencesResource): Check whether the masker child specifies mask=".." with the same URI than ourselves.
+        (WebCore::RenderSVGResourceMasker::applyResource): Early exit if we contain a cylic reference.
+        * rendering/RenderSVGResourceMasker.h:
+        * rendering/RenderSVGResourcePattern.cpp:
+        (WebCore::RenderSVGResourcePattern::childElementReferencesResource): Check whether the masker child specifies fill=".." with the same URI than ourselves.
+        (WebCore::RenderSVGResourcePattern::applyResource): Early exit if we contain a cylic reference.
+        * rendering/RenderSVGResourcePattern.h:
+        * svg/SVGPaint.cpp:
+        (WebCore::SVGPaint::matchesTargetURI): Add new helper function comparing a SVGPaint URI with a given reference id.
+        * svg/SVGPaint.h:
 -07-14  Eric Seidel  <eric@webkit.org>

trunk/WebCore/rendering/RenderSVGResourceContainer.h

-                      r61094
+                      r63300
         : RenderSVGHiddenContainer(node)
         , RenderSVGResource()
+        // FIXME: Should probably be using getIdAttribute rather than idForStyleResolution.
+        , m_id(node->hasID() ? node->idForStyleResolution() : nullAtom)
+        , m_id(node->hasID() ? node->getIdAttribute() : nullAtom)
+    {
         ASSERT(node->document());
 …
         // Remove old id, that is guaranteed to be present in cache
         extensions->removeResource(m_id);
+        // FIXME: Should probably be using getIdAttribute rather than idForStyleResolution.
+        m_id = node()->hasID() ? static_cast<Element*>(node())->idForStyleResolution() : nullAtom;
+        m_id = static_cast<Element*>(node())->getIdAttribute();
         // It's possible that an element is referencing us with the new id, and has to be notified that we're existing now
 …
     virtual RenderSVGResourceContainer* toRenderSVGResourceContainer() { return this; }
+    virtual bool childElementReferencesResource(const SVGRenderStyle*, const String&) const { return false; }
     static AffineTransform transformOnNonScalingStroke(RenderObject* object, const AffineTransform resourceTransform)
+    {
 …
         transform.multiply(element->getScreenCTM());
         return transform;
+    }
+    bool containsCyclicReference(const Node* startNode) const
+    {
+        Document* document = startNode->document();
+        ASSERT(document);
+        for (Node* node = startNode->firstChild(); node; node = node->nextSibling()) {
+            if (!node->isSVGElement())
+                continue;
+            RenderObject* renderer = node->renderer();
+            if (!renderer)
+                continue;
+            RenderStyle* style = renderer->style();
+            if (!style)
+                continue;
+            const SVGRenderStyle* svgStyle = style->svgStyle();
+            ASSERT(svgStyle);
+            // Let the class inheriting from us decide whether the child element references ourselves.
+            if (childElementReferencesResource(svgStyle, m_id))
+                return true;
+            if (node->hasChildNodes()) {
+                if (containsCyclicReference(node))
+                    return true;
+            }
+        }
+        return false;
+    }

trunk/WebCore/rendering/RenderSVGResourceMasker.cpp

-                      r62118
+                      r63300
+}
+bool RenderSVGResourceMasker::childElementReferencesResource(const SVGRenderStyle* style, const String& referenceId) const
+{
+    if (!style->hasMasker())
+        return false;
+    return style->maskerResource() == referenceId;
+}
 bool RenderSVGResourceMasker::applyResource(RenderObject* object, RenderStyle*, GraphicsContext*& context, unsigned short resourceMode)
+{
 …
         SVGMaskElement* maskElement = static_cast<SVGMaskElement*>(node());
         if (!maskElement)
+            return false;
+        // Early exit, if this resource contains a child which references ourselves.
+        if (containsCyclicReference(node()))
             return false;

trunk/WebCore/rendering/RenderSVGResourceMasker.h

r60541	r63300
70	70	void calculateMaskContentRepaintRect();
71	71
	72	virtual bool childElementReferencesResource(const SVGRenderStyle*, const String&) const;
	73
72	74	FloatRect m_maskBoundaries;
73	75	HashMap<RenderObject, MaskerData> m_masker;

trunk/WebCore/rendering/RenderSVGResourcePattern.cpp

-                      r62118
+                      r63300
+}
+bool RenderSVGResourcePattern::childElementReferencesResource(const SVGRenderStyle* style, const String& referenceId) const
+{
+    if (style->hasFill()) {
+        if (style->fillPaint()->matchesTargetURI(referenceId))
+            return true;
+    }
+    if (style->hasStroke()) {
+        if (style->strokePaint()->matchesTargetURI(referenceId))
+            return true;
+    }
+    return false;
+}
 bool RenderSVGResourcePattern::applyResource(RenderObject* object, RenderStyle* style, GraphicsContext*& context, unsigned short resourceMode)
+{
 …
     PatternData* patternData = m_pattern.get(object);
     if (!patternData->pattern) {
+        // Early exit, if this resource contains a child which references ourselves.
+        if (containsCyclicReference(node()))
+            return false;
         // Create tile image

trunk/WebCore/rendering/RenderSVGResourcePattern.h

r60760	r63300
68	68	const AffineTransform& viewBoxCTM, const FloatRect& patternBoundaries) const;
69	69
	70	virtual bool childElementReferencesResource(const SVGRenderStyle*, const String&) const;
	71
70	72	HashMap<RenderObject, PatternData> m_pattern;
71	73	};

trunk/WebCore/svg/SVGPaint.cpp

-                      r61324
+                      r63300
 /*
     Copyright (C) 2004, 2005 Nikolas Zimmermann <wildfox@kde.org>
+    Copyright (C) 2004, 2005 Nikolas Zimmermann <zimmermann@kde.org>
 , 2005, 2006, 2007 Rob Buis <buis@kde.org>
+    Copyright (C) Research In Motion Limited 2010. All rights reserved.
     This library is free software; you can redistribute it and/or
 …
 #include "config.h"
 #if ENABLE(SVG)
 #include "SVGPaint.h"
+#include "SVGURIReference.h"
 namespace WebCore {
 …
+}
+bool SVGPaint::matchesTargetURI(const String& referenceId)
+{
+    if (m_paintType != SVG_PAINTTYPE_URI && m_paintType != SVG_PAINTTYPE_URI_RGBCOLOR)
+        return false;
+    return referenceId == SVGURIReference::getTarget(m_uri);
+}
+// vim:ts=4:noet
+}
 #endif // ENABLE(SVG)

trunk/WebCore/svg/SVGPaint.h

-                      r34627
+                      r63300
 /*
     Copyright (C) 2004, 2005 Nikolas Zimmermann <wildfox@kde.org>
+    Copyright (C) 2004, 2005 Nikolas Zimmermann <zimmermann@kde.org>
 , 2005, 2006, 2007 Rob Buis <buis@kde.org>
     Copyright (C) 2006 Samuel Weinig (sam.weinig@gmial.com)
 …
         static SVGPaint* defaultStroke();
+        bool matchesTargetURI(const String& referenceId);
     private:
         SVGPaint();
 …
 #endif // ENABLE(SVG)
 #endif // SVGPaint_h
-// vim:ts=4:noet

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 63300 in webkit

Legend:

Download in other formats: