SVG pattern data deleted while in use
author fmalita@chromium.org <fmalita@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 30 Nov 2012 17:49:11 +0000 (17:49 +0000)
committer fmalita@chromium.org <fmalita@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 30 Nov 2012 17:49:11 +0000 (17:49 +0000)
commit 18d09bf6458a02fecb57908270fc8ff63c306462
tree 8612beafddc60e02da327fe428069b22cf02dd31
parent 0924b45b2dd2a3e3c874487e16dd877949a988c7
SVG pattern data deleted while in use
https://bugs.webkit.org/show_bug.cgi?id=103415

Reviewed by Dirk Schulze.

Source/WebCore:

Various calls in RenderSVGResourcePattern::applyResource() can trigger invalidations,
which may end up deleting our current pattern data (via removeAllClientsFromCache).
To avoid this, we should add the pattern data to the cache only after it is fully built.
For clarity, the patch also refactors the pattern setup code into a separate method.

Test: svg/custom/large-image-pattern-crash.html

* rendering/svg/RenderSVGResourcePattern.cpp:
(WebCore::RenderSVGResourcePattern::buildPattern):
(WebCore::RenderSVGResourcePattern::applyResource):
* rendering/svg/RenderSVGResourcePattern.h:
(RenderSVGResourcePattern):

LayoutTests:

* svg/custom/large-image-pattern-crash-expected.txt: Added.
* svg/custom/large-image-pattern-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@136250 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/svg/custom/large-image-pattern-crash-expected.txt [new file with mode: 0644]
LayoutTests/svg/custom/large-image-pattern-crash.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/rendering/svg/RenderSVGResourcePattern.cpp
Source/WebCore/rendering/svg/RenderSVGResourcePattern.h
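
The ordering problem the commit message describes (an entry cached before it is fully built, then freed by an invalidation during setup) can be shown with a small model. This is an added example, not WebKit's code: `PatternData`, `PatternCache` and both `apply*` functions are hypothetical stand-ins, and the invalidation is simulated by a flag.

```cpp
#include <map>
#include <memory>

// Hypothetical stand-in for the per-client pattern data.
struct PatternData { int tileWidth = 0; bool built = false; };

class PatternCache {
public:
    // Stands in for an invalidation that drops every cached client entry.
    void removeAllClients() { m_entries.clear(); }
    const PatternData* get(int client) const {
        auto it = m_entries.find(client);
        return it == m_entries.end() ? nullptr : it->second.get();
    }

    // Problem ordering: the entry is cached first, then a setup step
    // invalidates the cache while the entry is still being built.
    // Returns false when the entry was freed mid-build. The raw pointer is
    // never touched after the invalidation, so the model itself stays defined.
    bool applyCacheFirst(int client, bool setupInvalidates) {
        m_entries[client].reset(new PatternData);
        PatternData* raw = m_entries[client].get();
        raw->tileWidth = 64;
        if (setupInvalidates)
            removeAllClients();      // 'raw' is dangling from here on
        if (!get(client))
            return false;            // unguarded code would go on to use 'raw'
        raw->built = true;
        return true;
    }

    // Fixed ordering: build on a locally owned object and publish it to the
    // cache only once it is complete.
    bool applyBuildFirst(int client, bool setupInvalidates) {
        std::unique_ptr<PatternData> data(new PatternData);
        data->tileWidth = 64;
        if (setupInvalidates)
            removeAllClients();      // cannot free 'data': it is not cached yet
        data->built = true;
        m_entries[client] = std::move(data);
        return true;
    }

private:
    std::map<int, std::unique_ptr<PatternData>> m_entries;
};
```

Building the cache-first variant without its `get(client)` guard under AddressSanitizer would report the write to `raw->built` as a heap-use-after-free.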