Title: [132665] trunk
- Revision
- 132665
- Author
- fmal...@chromium.org
- Date
- 2012-10-26 08:57:08 -0700 (Fri, 26 Oct 2012)
Log Message
Crash on loading SVG filter resource on HTML element
https://bugs.webkit.org/show_bug.cgi?id=100491
Reviewed by Dirk Schulze.
Source/WebCore:
Skip non-filter elements referenced via -webkit-filter.
Test: svg/filters/filter-reference-crash.html
* rendering/RenderLayerFilterInfo.cpp:
(WebCore::RenderLayerFilterInfo::updateReferenceFilterClients):
LayoutTests:
* svg/filters/filter-reference-crash-expected.txt: Added.
* svg/filters/filter-reference-crash.html: Added.
Modified Paths
Added Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (132664 => 132665)
--- trunk/LayoutTests/ChangeLog 2012-10-26 15:49:30 UTC (rev 132664)
+++ trunk/LayoutTests/ChangeLog 2012-10-26 15:57:08 UTC (rev 132665)
@@ -1,3 +1,13 @@
+2012-10-26 Florin Malita <fmal...@chromium.org>
+
+ Crash on loading SVG filter resource on HTML element
+ https://bugs.webkit.org/show_bug.cgi?id=100491
+
+ Reviewed by Dirk Schulze.
+
+ * svg/filters/filter-reference-crash-expected.txt: Added.
+ * svg/filters/filter-reference-crash.html: Added.
+
2012-10-26 Jussi Kukkonen <jussi.kukko...@intel.com>
[WK2] should enable two postredirect tests
Added: trunk/LayoutTests/svg/filters/filter-reference-crash-expected.txt (0 => 132665)
--- trunk/LayoutTests/svg/filters/filter-reference-crash-expected.txt (rev 0)
+++ trunk/LayoutTests/svg/filters/filter-reference-crash-expected.txt 2012-10-26 15:57:08 UTC (rev 132665)
@@ -0,0 +1,2 @@
+PASS: did not crash.
+
Added: trunk/LayoutTests/svg/filters/filter-reference-crash.html (0 => 132665)
--- trunk/LayoutTests/svg/filters/filter-reference-crash.html (rev 0)
+++ trunk/LayoutTests/svg/filters/filter-reference-crash.html 2012-10-26 15:57:08 UTC (rev 132665)
@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html lang="en">
+ <!-- Test for https://bugs.webkit.org/show_bug.cgi?id=100491 -->
+ <body>
+ <div id="fake_filter">PASS: did not crash.</div>
+ <div style="width: 100px; height: 100px; background-color: green; -webkit-filter: url(#fake_filter);"></div>
+
+ <script>
+ if(window.testRunner)
+ testRunner.dumpAsText();
+ </script>
+ </body>
+</html>
Modified: trunk/Source/WebCore/ChangeLog (132664 => 132665)
--- trunk/Source/WebCore/ChangeLog 2012-10-26 15:49:30 UTC (rev 132664)
+++ trunk/Source/WebCore/ChangeLog 2012-10-26 15:57:08 UTC (rev 132665)
@@ -1,3 +1,17 @@
+2012-10-26 Florin Malita <fmal...@chromium.org>
+
+ Crash on loading SVG filter resource on HTML element
+ https://bugs.webkit.org/show_bug.cgi?id=100491
+
+ Reviewed by Dirk Schulze.
+
+ Skip non-filter elements referenced via -webkit-filter.
+
+ Test: svg/filters/filter-reference-crash.html
+
+ * rendering/RenderLayerFilterInfo.cpp:
+ (WebCore::RenderLayerFilterInfo::updateReferenceFilterClients):
+
2012-10-26 Antti Koivisto <an...@apple.com>
Lots of time spent under DNSResolveQueue::platformProxyIsEnabledInSystemPreferences
Modified: trunk/Source/WebCore/rendering/RenderLayerFilterInfo.cpp (132664 => 132665)
--- trunk/Source/WebCore/rendering/RenderLayerFilterInfo.cpp 2012-10-26 15:49:30 UTC (rev 132664)
+++ trunk/Source/WebCore/rendering/RenderLayerFilterInfo.cpp 2012-10-26 15:57:08 UTC (rev 132665)
@@ -141,9 +141,8 @@
// Reference is internal; add layer as a client so we can trigger
// filter repaint on SVG attribute change.
Element* filter = m_layer->renderer()->node()->document()->getElementById(referenceFilterOperation->fragment());
- if (!filter || !filter->renderer())
+ if (!filter || !filter->renderer() || !filter->renderer()->isSVGResourceFilter())
continue;
- ASSERT(filter->renderer()->isSVGResourceContainer());
filter->renderer()->toRenderSVGResourceContainer()->addClientRenderLayer(m_layer);
m_internalSVGReferences.append(filter);
}
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo/webkit-changes
