[Webkit-unassigned] [Bug 63290] Stack overflow with enormous SVG filter

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Sep 19 17:31:23 PDT 2014


--- Comment #7 from Dean Jackson <dino at apple.com>  2014-09-19 17:31:23 PST ---
(In reply to comment #6)
> I tried fixing this bug by cutting off the recursion in the function RenderSVGResourceFilterPrimitive::determineFilterPrimitiveSubregion(), which fixes the crash. But I got another crash in FilterEffect::apply() because it has the same kind of recursion and it might need a similar cut-off.
> I think the cleanest way to fix this bug is to cut off creating the FilterEffect tree from the beginning when the SVG is loaded, instead of creating a very deep tree and then trying to cut off traversing it in many places.

I think you're right, as long as I understand what you're suggesting :)

We should have a limit on the depth of our graph (or length of the chain in this case). We actually have them in other places, like the maximum amount of the blur radius.

So, not creating the FilterEffects and just marking the Filter as invalid is fine with me. What we can't do is remove the actual filter elements from the tree, because they still need to be visible in the DOM even if they are broken.
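As an added illustration of the approach agreed on here (not WebKit code; the names and the cap value are hypothetical), the chain of FilterEffects is built from the primitives with a depth cap checked before each effect is allocated, so an overlong or cyclic `in` chain marks the filter invalid and yields no effects, while the primitives themselves are left untouched:

```cpp
#include <map>
#include <memory>
#include <string>
#include <vector>

// Hypothetical cap on chain length; the page does not give WebKit's actual value.
constexpr int kMaxFilterChainDepth = 64;

// One SVG filter primitive: the id it writes ("result") and the id it reads ("in", empty = SourceGraphic).
struct FilterPrimitive { std::string result; std::string input; };
// Node of the FilterEffect tree (a plain chain here: one input per effect, null = SourceGraphic).
struct FilterEffect { std::string name; std::shared_ptr<FilterEffect> input; };

// Resolve the effect whose result is `id`. The cap is checked before any effect
// is allocated, so an overlong chain (or a cycle such as in="r1" on r1) never
// produces the deep tree that later recursive traversals would have to walk.
static std::shared_ptr<FilterEffect> buildEffect(const std::map<std::string, FilterPrimitive>& byResult,
                                                 const std::string& id, int depth, bool& valid)
{
    if (id.empty()) return nullptr;                          // SourceGraphic
    if (depth > kMaxFilterChainDepth) { valid = false; return nullptr; }
    auto it = byResult.find(id);
    if (it == byResult.end()) return nullptr;                // unresolved reference: treated as SourceGraphic
    auto effect = std::make_shared<FilterEffect>();
    effect->name = id;
    effect->input = buildEffect(byResult, it->second.input, depth + 1, valid);
    return effect;
}

// Build the chain for a <filter>; the last primitive is the output. An invalid filter
// yields no effects at all, while the primitives (the DOM elements) are left untouched.
std::shared_ptr<FilterEffect> buildFilterChain(const std::vector<FilterPrimitive>& primitives)
{
    if (primitives.empty()) return nullptr;
    std::map<std::string, FilterPrimitive> byResult;
    for (const auto& p : primitives) byResult[p.result] = p;
    bool valid = true;
    auto output = buildEffect(byResult, primitives.back().result, 1, valid);
    return valid ? output : nullptr;
}

// Constructed input: n primitives r0..r(n-1), each reading the previous one's result.
std::vector<FilterPrimitive> makeChain(int n)
{
    std::vector<FilterPrimitive> chain;
    for (int i = 0; i < n; ++i)
        chain.push_back({"r" + std::to_string(i), i ? "r" + std::to_string(i - 1) : std::string()});
    return chain;
}
```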
