SVG clip-path references can clip out later content
author pdr@google.com <pdr@google.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 10 Feb 2017 03:27:40 +0000 (03:27 +0000)
committer pdr@google.com <pdr@google.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 10 Feb 2017 03:27:40 +0000 (03:27 +0000)
commit 8e6b46db04c3e075290017b7c5c4eda715f3f050
tree f685a3edc9d43be6b5e46931aefef845995acb5e
parent f37fc32c5f4669ea664a6686344a5f79fce02ac2
SVG clip-path references can clip out later content
https://bugs.webkit.org/show_bug.cgi?id=164181

Reviewed by Said Abou-Hallawa.

Source/WebCore:

RenderSVGResourceClipper can modify the GraphicsContext state (through the path-only
clipping codepath) so we need to ensure RenderLayer::setupClipPath saves the context
and its caller restores it back so later content is not clipped as well.

This patch is based on a chromium patch by fs@opera.com:
https://chromium.googlesource.com/chromium/src/+/b3f7e7d2c4afb3c7e5c7eb438ff5933cbe2109b3

Test: css3/masking/clip-path-reference-restore.html

* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::setupClipPath): Add a GC save and return true to restore. Also switch to downcast instead of static_cast.

LayoutTests:

Make sure applying multiple clip-path references does not clip out later content.

* css3/masking/clip-path-reference-restore-expected.html: Added.
* css3/masking/clip-path-reference-restore.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@212038 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/css3/masking/clip-path-reference-restore-expected.html [new file with mode: 0644]
LayoutTests/css3/masking/clip-path-reference-restore.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/rendering/RenderLayer.cpp
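
The state leak the commit message describes, as an added toy model (not WebKit code and not part of this commit). ToyContext, Clip, setupClipLeaky, setupClipSaved and paintThenMeasureLater are hypothetical names, and a clip is simplified to a 1-D interval; the "before" return value is an assumption made for the model.

```cpp
#include <algorithm>
#include <vector>

// Toy stand-ins (hypothetical, not WebKit classes): a clip is a 1-D interval [lo, hi).
struct Clip { int lo, hi; };

class ToyContext {
public:
    void save() { m_stack.push_back(m_clip); }
    void restore() { m_clip = m_stack.back(); m_stack.pop_back(); }
    // Clips only intersect with the current clip, so a leaked clip can never be widened again.
    void clip(Clip c) { m_clip = { std::max(m_clip.lo, c.lo), std::min(m_clip.hi, c.hi) }; }
    // Returns how many units of [lo, hi) survive the current clip.
    int visibleWidth(int lo, int hi) const {
        return std::max(0, std::min(hi, m_clip.hi) - std::max(lo, m_clip.lo));
    }
private:
    Clip m_clip { 0, 100 };
    std::vector<Clip> m_stack;
};

// Before (modeled): clips the context directly and reports that nothing needs restoring.
bool setupClipLeaky(ToyContext& gc, Clip c) { gc.clip(c); return false; }

// After (modeled): saves first and returns true so the caller knows to restore.
bool setupClipSaved(ToyContext& gc, Clip c) { gc.save(); gc.clip(c); return true; }

// Paints two layers with disjoint clips, then measures unclipped content of width 100
// painted afterwards. Returns the visible width of that later content.
int paintThenMeasureLater(bool (*setupClip)(ToyContext&, Clip)) {
    ToyContext gc;
    for (Clip c : { Clip { 0, 40 }, Clip { 60, 100 } }) {
        bool needsRestore = setupClip(gc, c);
        // ... the layer's own contents would be painted here ...
        if (needsRestore)
            gc.restore();
    }
    return gc.visibleWidth(0, 100);
}

int main() {
    bool ok = paintThenMeasureLater(setupClipLeaky) == 0
        && paintThenMeasureLater(setupClipSaved) == 100;
    return ok ? 0 : 1;
}
```

In the leaky variant the two disjoint clips intersect to an empty region that stays on the context, so everything painted afterwards disappears; with the save and restore pairing the later content keeps its full width.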