[webkit-changes] [287076] trunk/Source/WebCore

[commit-queue]

Title: [287076] trunk/Source/WebCore

Revision

287076

Author

commit-qu...@webkit.org

Date

2021-12-15 08:59:20 -0800 (Wed, 15 Dec 2021)

Log Message

Fix SVG resource invalidation logic causing incorrect layout state.
https://bugs.webkit.org/show_bug.cgi?id=233190
<rdar://82895369>

When SVG resources perform parent layout/resource invalidation, we can incorrectly
cross the SVG boundary when operating on a node which isn't an SVGRoot.
This can cause us to exit layout() with elements that still needsLayout().

Patch by Gavin Phillips <gavi...@apple.com> on 2021-12-15
Reviewed by Darin Adler.

* rendering/svg/RenderSVGResource.cpp:
(WebCore::RenderSVGResource::markForLayoutAndParentResourceInvalidation):

Modified Paths

• trunk/Source/WebCore/ChangeLog
• trunk/Source/WebCore/rendering/svg/RenderSVGResource.cpp

Diff

Modified: trunk/Source/WebCore/ChangeLog (287075 => 287076)

--- trunk/Source/WebCore/ChangeLog	2021-12-15 16:33:45 UTC (rev 287075)
+++ trunk/Source/WebCore/ChangeLog	2021-12-15 16:59:20 UTC (rev 287076)
@@ -1,3 +1,18 @@
+2021-12-15  Gavin Phillips  <gavi...@apple.com>
+
+        Fix SVG resource invalidation logic causing incorrect layout state.
+        https://bugs.webkit.org/show_bug.cgi?id=233190
+        <rdar://82895369>
+
+        When SVG resources perform parent layout/resource invalidation, we can incorrectly
+        cross the SVG boundary when operating on a node which isn't an SVGRoot.
+        This can cause us to exit layout() with elements that still needsLayout().
+
+        Reviewed by Darin Adler.
+
+        * rendering/svg/RenderSVGResource.cpp:
+        (WebCore::RenderSVGResource::markForLayoutAndParentResourceInvalidation):
+
 2021-12-15  Chris Lord  <cl...@igalia.com>
 
         [GTK] Use libgbm and the ANGLE gbm backend to fix initialisation

Modified: trunk/Source/WebCore/rendering/svg/RenderSVGResource.cpp (287075 => 287076)

--- trunk/Source/WebCore/rendering/svg/RenderSVGResource.cpp	2021-12-15 16:33:45 UTC (rev 287075)
+++ trunk/Source/WebCore/rendering/svg/RenderSVGResource.cpp	2021-12-15 16:59:20 UTC (rev 287076)
@@ -207,8 +207,22 @@
         else if (is<RenderSVGRoot>(object) && downcast<RenderSVGRoot>(object).isInLayout())
             object.setNeedsLayout(MarkOnlyThis);
 #endif
-        else
-            object.setNeedsLayout(MarkContainingBlockChain);
+        else {
+            if (!is<RenderElement>(object))
+                object.setNeedsLayout(MarkOnlyThis);
+            else {
+                auto svgRoot = SVGRenderSupport::findTreeRootObject(downcast<RenderElement>(object));
+                if (!svgRoot || !svgRoot->isInLayout())
+                    object.setNeedsLayout(MarkContainingBlockChain);
+                else {
+                    // We just want to re-layout the ancestors up to the RenderSVGRoot.
+                    object.setNeedsLayout(MarkOnlyThis);
+                    for (auto current = object.parent(); current != svgRoot; current = current->parent())
+                        current->setNeedsLayout(MarkOnlyThis);
+                    svgRoot->setNeedsLayout(MarkOnlyThis);
+                }
+            }
+        }
     }
 
     if (is<RenderElement>(object))

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes