[webkit-changes] [WebKit/WebKit] 00f03d: Deeply nested SVG patterns can take long time to in...
Said Abou-Hallawa
noreply at github.com
Thu Oct 19 05:17:25 PDT 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 00f03d987c0cec7d2821e3d1086bdf15dc807c0d
https://github.com/WebKit/WebKit/commit/00f03d987c0cec7d2821e3d1086bdf15dc807c0d
Author: Said Abou-Hallawa <said at apple.com>
Date: 2023-10-19 (Thu, 19 Oct 2023)
Changed paths:
A LayoutTests/svg/custom/pattern-nested-reference-expected.txt
A LayoutTests/svg/custom/pattern-nested-reference.html
M Source/WebCore/rendering/svg/RenderSVGResource.cpp
M Source/WebCore/rendering/svg/RenderSVGResource.h
M Source/WebCore/rendering/svg/RenderSVGResourceFilter.cpp
M Source/WebCore/rendering/svg/RenderSVGResourceFilter.h
M Source/WebCore/rendering/svg/RenderSVGResourceGradient.cpp
M Source/WebCore/rendering/svg/RenderSVGResourceGradient.h
M Source/WebCore/rendering/svg/RenderSVGResourceMarker.cpp
M Source/WebCore/rendering/svg/RenderSVGResourceMarker.h
M Source/WebCore/rendering/svg/RenderSVGResourceMasker.cpp
M Source/WebCore/rendering/svg/RenderSVGResourceMasker.h
M Source/WebCore/rendering/svg/RenderSVGResourcePattern.cpp
M Source/WebCore/rendering/svg/RenderSVGResourcePattern.h
M Source/WebCore/rendering/svg/RenderSVGResourceSolidColor.h
M Source/WebCore/rendering/svg/legacy/LegacyRenderSVGResourceClipper.cpp
M Source/WebCore/rendering/svg/legacy/LegacyRenderSVGResourceClipper.h
M Source/WebCore/rendering/svg/legacy/LegacyRenderSVGResourceContainer.cpp
M Source/WebCore/rendering/svg/legacy/LegacyRenderSVGResourceContainer.h
Log Message:
-----------
Deeply nested SVG patterns can take long time to invalidate the target element
https://bugs.webkit.org/show_bug.cgi?id=263349
(rdar://116532387)
Reviewed by Simon Fraser.
The resource's clients invalidation does not take into account the visited renderers.
With nested SVG resources this invalidation can have an exponential complexity.
This leads to DoS since loading the SVG or modifying its resources can take
minutes to finish.
Skipping the visited renderers while invalidating the resource's clients should
fix this problem. The complexity of the invalidation will be linear in this case.
* LayoutTests/svg/custom/pattern-nested-reference-expected.txt: Added.
* LayoutTests/svg/custom/pattern-nested-reference.html: Added.
* Source/WebCore/rendering/svg/RenderSVGResource.cpp:
(WebCore::RenderSVGResource::removeAllClientsFromCache):
(WebCore::removeFromCacheAndInvalidateDependencies):
(WebCore::RenderSVGResource::markForLayoutAndParentResourceInvalidation):
(WebCore::RenderSVGResource::markForLayoutAndParentResourceInvalidationIfNeeded):
* Source/WebCore/rendering/svg/RenderSVGResource.h:
* Source/WebCore/rendering/svg/RenderSVGResourceFilter.cpp:
(WebCore::RenderSVGResourceFilter::removeAllClientsFromCacheIfNeeded):
(WebCore::RenderSVGResourceFilter::removeAllClientsFromCache): Deleted.
* Source/WebCore/rendering/svg/RenderSVGResourceFilter.h:
* Source/WebCore/rendering/svg/RenderSVGResourceGradient.cpp:
(WebCore::RenderSVGResourceGradient::removeAllClientsFromCacheIfNeeded):
(WebCore::RenderSVGResourceGradient::removeAllClientsFromCache): Deleted.
* Source/WebCore/rendering/svg/RenderSVGResourceGradient.h:
* Source/WebCore/rendering/svg/RenderSVGResourceMarker.cpp:
(WebCore::RenderSVGResourceMarker::removeAllClientsFromCacheIfNeeded):
(WebCore::RenderSVGResourceMarker::removeAllClientsFromCache): Deleted.
* Source/WebCore/rendering/svg/RenderSVGResourceMarker.h:
* Source/WebCore/rendering/svg/RenderSVGResourceMasker.cpp:
(WebCore::RenderSVGResourceMasker::removeAllClientsFromCacheIfNeeded):
(WebCore::RenderSVGResourceMasker::removeAllClientsFromCache): Deleted.
* Source/WebCore/rendering/svg/RenderSVGResourceMasker.h:
* Source/WebCore/rendering/svg/RenderSVGResourcePattern.cpp:
(WebCore::RenderSVGResourcePattern::removeAllClientsFromCacheIfNeeded):
(WebCore::RenderSVGResourcePattern::removeAllClientsFromCache): Deleted.
* Source/WebCore/rendering/svg/RenderSVGResourcePattern.h:
* Source/WebCore/rendering/svg/RenderSVGResourceSolidColor.h:
* Source/WebCore/rendering/svg/legacy/LegacyRenderSVGResourceClipper.cpp:
(WebCore::LegacyRenderSVGResourceClipper::removeAllClientsFromCacheIfNeeded):
(WebCore::LegacyRenderSVGResourceClipper::removeAllClientsFromCache): Deleted.
* Source/WebCore/rendering/svg/legacy/LegacyRenderSVGResourceClipper.h:
* Source/WebCore/rendering/svg/legacy/LegacyRenderSVGResourceContainer.cpp:
(WebCore::LegacyRenderSVGResourceContainer::markAllClientsForInvalidation):
(WebCore::LegacyRenderSVGResourceContainer::markAllClientsForInvalidationIfNeeded):
* Source/WebCore/rendering/svg/legacy/LegacyRenderSVGResourceContainer.h:
Canonical link: https://commits.webkit.org/269516@main
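
The complexity argument in the log message, as an added example that is not WebKit code: a constructed graph where every resource in one nesting level is a client of both resources in the previous level, invalidated once without and once with a visited set. The names `Clients`, `buildNested`, `invalidateNaive` and `invalidateOnce` are hypothetical, and the two-per-level fan-out is an assumption chosen to make the growth visible.

```cpp
#include <cstdint>
#include <cstdio>
#include <unordered_set>
#include <vector>

// clients[n] lists the nodes that reference node n (constructed model, not WebKit types).
using Clients = std::vector<std::vector<int>>;

// Node 0 is the innermost resource. Each level adds two nodes that both
// reference every node of the previous level, so paths double per level.
Clients buildNested(int depth) {
    Clients clients(1 + 2 * depth);
    for (int level = 0; level < depth; ++level) {
        int a = 2 * level + 1, b = a + 1; // the two nodes of the next level
        if (level == 0)
            clients[0] = {a, b};
        else
            clients[a - 2] = clients[a - 1] = {a, b};
    }
    return clients;
}

// Invalidation that re-walks a client every time it is reached: one visit per path.
uint64_t invalidateNaive(const Clients& c, int node) {
    uint64_t visits = 1;
    for (int client : c[node])
        visits += invalidateNaive(c, client);
    return visits;
}

// Invalidation that skips renderers already visited: one visit per node.
uint64_t invalidateOnce(const Clients& c, int node, std::unordered_set<int>& visited) {
    if (!visited.insert(node).second)
        return 0; // already invalidated in this pass
    uint64_t visits = 1;
    for (int client : c[node])
        visits += invalidateOnce(c, client, visited);
    return visits;
}

int main() {
    for (int depth : {5, 10, 20}) {
        Clients c = buildNested(depth);
        std::unordered_set<int> visited;
        std::printf("depth %2d: naive %8llu visits, with visited set %3llu visits\n", depth,
            (unsigned long long)invalidateNaive(c, 0),
            (unsigned long long)invalidateOnce(c, 0, visited));
    }
    return 0;
}
```

In this model the naive walk costs 2^(depth+1) - 1 visits while the visited-set walk costs 2*depth + 1, which is the exponential-versus-linear difference the log message describes.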