[Chromium] SVG Composite of Offset crashes
author schenney@chromium.org <schenney@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 6 Mar 2012 01:00:17 +0000 (01:00 +0000)
committer schenney@chromium.org <schenney@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 6 Mar 2012 01:00:17 +0000 (01:00 +0000)
commit 015b8b809f1d4fda363f6a3ada22a76603395edf
tree 606247a810ba1b91b237094f18245f56cdda9ddd
parent 8e2df99b72ba04d8d44f6fab8876243a7399e90f
[Chromium] SVG Composite of Offset crashes
https://bugs.webkit.org/show_bug.cgi?id=77245

Reviewed by Stephen White.

The feComposite arithmetic mode filter could readily be made to
generate invalid pre-multiplied pixel values which would then go on to
pollute other filters and cause invalid final output pixels. This
patch checks for filters that require valid inputs, and checks that a
result is valid, and corrects the result if necessary. This matches
the behavior of FF and Opera while preventing crashes or other
undesirable behavior.

Source/WebCore:

Test: svg/filters/feComposite-arithmetic-invalid-rgba.svg

* platform/graphics/filters/FEComposite.h: Override the default validity checks and image cleanup methods.
* platform/graphics/filters/FEComposite.cpp:
(WebCore::FEComposite::correctFilterResultIfNeeded): Force valid pixels if this is an arithmetic filter
* platform/graphics/filters/FilterEffect.cpp:
(WebCore::FilterEffect::apply): Check for validity status and correct
(WebCore::FilterEffect::forceValidPremultipliedPixels): Make an image valid
(WebCore):
* platform/graphics/filters/FilterEffect.h: New virtual methods for image validity.
(FilterEffect):
(WebCore::FilterEffect::requiresValidPreMulultipliedPixels):
(WebCore::FilterEffect::forceValidPremultipliedPixels):
(WebCore::FilterEffect::correctFilterResultIfNeeded):
* rendering/svg/RenderSVGResourceFilter.cpp:
(WebCore::RenderSVGResourceFilter::postApplyResource): Check that the final filter result is valid

LayoutTests:

* svg/filters/feComposite-arithmetic-invalid-rgba-expected.svg: Added.
* svg/filters/feComposite-arithmetic-invalid-rgba.svg: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@109820 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/svg/filters/feComposite-arithmetic-invalid-rgba-expected.svg [new file with mode: 0644]
LayoutTests/svg/filters/feComposite-arithmetic-invalid-rgba.svg [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/platform/graphics/filters/FEComposite.cpp
Source/WebCore/platform/graphics/filters/FEComposite.h
Source/WebCore/platform/graphics/filters/FilterEffect.cpp
Source/WebCore/platform/graphics/filters/FilterEffect.h
Source/WebCore/rendering/svg/RenderSVGResourceFilter.cpp