Assertion failure under FEImage::determineAbsolutePaintRect()
authorjhoneycutt@apple.com <jhoneycutt@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 15 Apr 2014 05:23:07 +0000 (05:23 +0000)
committerjhoneycutt@apple.com <jhoneycutt@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 15 Apr 2014 05:23:07 +0000 (05:23 +0000)
<https://bugs.webkit.org/show_bug.cgi?id=131660>
<rdar://problem/15669294>

Source/WebCore:
This patch merges Chromium r149536 (see
<https://chromiumcodereview.appspot.com/14701012>), which moves
m_absoluteTransform out of SVGFilter and into the base Filter class, so
that it isn't necessary to cast a Filter to SVGFilter to get the
absolute transform.

Reviewed by Geoffrey Garen.

Test: svg/filters/feImage-filter-assertion.html

* platform/graphics/filters/Filter.h:
(WebCore::Filter::Filter):
Changed to take the absolute transform.
(WebCore::Filter::absoluteTransform):
Moved from SVGFilter.
(WebCore::Filter::mapAbsolutePointToLocalPoint):
Ditto.

* rendering/FilterEffectRenderer.cpp:
(WebCore::FilterEffectRenderer::FilterEffectRenderer):
Pass a default AffineTransform() to the Filter base class.

* svg/graphics/filters/SVGFEImage.cpp:
(WebCore::FEImage::determineAbsolutePaintRect):
Use the Filter without casting it to SVGFilter.
(WebCore::FEImage::platformApplySoftware):
Ditto.

* svg/graphics/filters/SVGFilter.cpp:
(WebCore::SVGFilter::SVGFilter):
Pass the transform to the base class, and remove initialization of a
removed member var.

* svg/graphics/filters/SVGFilter.h:
Member var moved to Filter.h.

LayoutTests:
Reviewed by Geoffrey Garen.

* svg/filters/feImage-filter-assertion-expected.txt: Added.
* svg/filters/feImage-filter-assertion.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@167295 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/svg/filters/feImage-filter-assertion-expected.txt [new file with mode: 0644]
LayoutTests/svg/filters/feImage-filter-assertion.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/platform/graphics/filters/Filter.h
Source/WebCore/rendering/FilterEffectRenderer.cpp
Source/WebCore/svg/graphics/filters/SVGFEImage.cpp
Source/WebCore/svg/graphics/filters/SVGFilter.cpp
Source/WebCore/svg/graphics/filters/SVGFilter.h

index 400f3de..c12dd3d 100644 (file)
@@ -1,3 +1,15 @@
+2014-04-14  Jon Honeycutt  <jhoneycutt@apple.com>
+
+        Assertion failure under FEImage::determineAbsolutePaintRect()
+
+        <https://bugs.webkit.org/show_bug.cgi?id=131660>
+        <rdar://problem/15669294>
+
+        Reviewed by Geoffrey Garen.
+
+        * svg/filters/feImage-filter-assertion-expected.txt: Added.
+        * svg/filters/feImage-filter-assertion.html: Added.
+
 2014-04-14  Oliver Hunt  <oliver@apple.com>
 
         Function.bind itself is too slow
diff --git a/LayoutTests/svg/filters/feImage-filter-assertion-expected.txt b/LayoutTests/svg/filters/feImage-filter-assertion-expected.txt
new file mode 100644 (file)
index 0000000..3b89a18
--- /dev/null
@@ -0,0 +1,3 @@
+WebKit bug #131660: Assertion failure in FEImage::determineAbsolutePaintRect(). This test passes if it does not assert in a debug build.
+
+
diff --git a/LayoutTests/svg/filters/feImage-filter-assertion.html b/LayoutTests/svg/filters/feImage-filter-assertion.html
new file mode 100644 (file)
index 0000000..a4bc8ac
--- /dev/null
@@ -0,0 +1,25 @@
+<style>
+  #filtered {
+    width: 160px;
+    height: 90px;
+    -webkit-filter: url(#imagereplace);
+    filter: url(#imagereplace);
+  }
+</style>
+
+<div id="filtered"></div>
+
+<p>
+    WebKit bug #<a href="https://bugs.webkit.org/show_bug.cgi?id=131660">131660</a>: Assertion failure in FEImage::determineAbsolutePaintRect(). This test passes if it does not assert in a debug build.
+</p>
+
+<svg xmlns="http://www.w3.org/3000/svg" width="0" height="0" xmlns:xlink="http://www.w3.org/1999/xlink">
+  <filter id="imagereplace">
+     <feimage xlink:href="test.png"/>
+  </filter>
+</svg>
+
+<script>
+    if (window.testRunner)
+        window.testRunner.dumpAsText();
+</script>
index 6f598b5..281639c 100644 (file)
@@ -1,3 +1,46 @@
+2014-04-14  Jon Honeycutt  <jhoneycutt@apple.com>
+
+        Assertion failure under FEImage::determineAbsolutePaintRect()
+
+        <https://bugs.webkit.org/show_bug.cgi?id=131660>
+        <rdar://problem/15669294>
+
+        This patch merges Chromium r149536 (see
+        <https://chromiumcodereview.appspot.com/14701012>), which moves
+        m_absoluteTransform out of SVGFilter and into the base Filter class, so
+        that it isn't necessary to cast a Filter to SVGFilter to get the
+        absolute transform.
+
+        Reviewed by Geoffrey Garen.
+
+        Test: svg/filters/feImage-filter-assertion.html
+
+        * platform/graphics/filters/Filter.h:
+        (WebCore::Filter::Filter):
+        Changed to take the absolute transform.
+        (WebCore::Filter::absoluteTransform):
+        Moved from SVGFilter.
+        (WebCore::Filter::mapAbsolutePointToLocalPoint):
+        Ditto.
+
+        * rendering/FilterEffectRenderer.cpp:
+        (WebCore::FilterEffectRenderer::FilterEffectRenderer):
+        Pass a default AffineTransform() to the Filter base class.
+
+        * svg/graphics/filters/SVGFEImage.cpp:
+        (WebCore::FEImage::determineAbsolutePaintRect):
+        Use the Filter without casting it to SVGFilter.
+        (WebCore::FEImage::platformApplySoftware):
+        Ditto.
+
+        * svg/graphics/filters/SVGFilter.cpp:
+        (WebCore::SVGFilter::SVGFilter):
+        Pass the transform to the base class, and remove initialization of a
+        removed member var.
+
+        * svg/graphics/filters/SVGFilter.h:
+        Member var moved to Filter.h.
+
 2014-04-14  Darin Adler  <darin@apple.com>
 
         REGRESSION (r158617): Find on Page can get stuck in a loop when the search string occurs in an <input> in a <fieldset>
index 074b30c..cea0ff2 100644 (file)
@@ -1,5 +1,6 @@
 /*
  * Copyright (C) 2009 Dirk Schulze <krit@webkit.org>
+ * Copyright (C) 2013 Google Inc. All rights reserved.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Library General Public
@@ -32,7 +33,10 @@ class FilterEffect;
 
 class Filter : public RefCounted<Filter> {
 public:
-    Filter() : m_renderingMode(Unaccelerated) { }
+    Filter(const AffineTransform& absoluteTransform)
+        : m_absoluteTransform(absoluteTransform)
+        , m_renderingMode(Unaccelerated)
+    { }
     virtual ~Filter() { }
 
     void setSourceImage(std::unique_ptr<ImageBuffer> sourceImage) { m_sourceImage = std::move(sourceImage); }
@@ -41,6 +45,9 @@ public:
     FloatSize filterResolution() const { return m_filterResolution; }
     void setFilterResolution(const FloatSize& filterResolution) { m_filterResolution = filterResolution; }
 
+    const AffineTransform& absoluteTransform() const { return m_absoluteTransform; }
+    FloatPoint mapAbsolutePointToLocalPoint(const FloatPoint& point) const { return m_absoluteTransform.inverse().mapPoint(point); }
+
     RenderingMode renderingMode() const { return m_renderingMode; }
     void setRenderingMode(RenderingMode renderingMode) { m_renderingMode = renderingMode; }
 
@@ -51,12 +58,11 @@ public:
     
     virtual FloatRect sourceImageRect() const = 0;
     virtual FloatRect filterRegion() const = 0;
-    
-    virtual FloatPoint mapAbsolutePointToLocalPoint(const FloatPoint&) const { return FloatPoint(); }
 
 private:
     std::unique_ptr<ImageBuffer> m_sourceImage;
     FloatSize m_filterResolution;
+    AffineTransform m_absoluteTransform;
     RenderingMode m_renderingMode;
 };
 
index 0ee79e9..6d24e87 100644 (file)
@@ -1,5 +1,6 @@
 /*
  * Copyright (C) 2011 Apple Inc. All rights reserved.
+ * Copyright (C) 2013 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -68,7 +69,8 @@ static inline void lastMatrixRow(Vector<float>& parameters)
 }
 
 FilterEffectRenderer::FilterEffectRenderer()
-    : m_graphicsBufferAttached(false)
+    : Filter(AffineTransform())
+    , m_graphicsBufferAttached(false)
     , m_hasFilterThatMovesPixels(false)
 {
     setFilterResolution(FloatSize(1, 1));
index e652493..9cd40a6 100644 (file)
@@ -31,7 +31,6 @@
 #include "RenderElement.h"
 #include "RenderTreeAsText.h"
 #include "SVGElement.h"
-#include "SVGFilter.h"
 #include "SVGPreserveAspectRatio.h"
 #include "SVGRenderingContext.h"
 #include "SVGURIReference.h"
@@ -67,15 +66,13 @@ PassRefPtr<FEImage> FEImage::createWithIRIReference(Filter* filter, Document& do
 
 void FEImage::determineAbsolutePaintRect()
 {
-    SVGFilter* svgFilter = toSVGFilter(&(filter()));
-
-    FloatRect paintRect = svgFilter->absoluteTransform().mapRect(filterPrimitiveSubregion());
+    FloatRect paintRect = filter().absoluteTransform().mapRect(filterPrimitiveSubregion());
     FloatRect srcRect;
     if (m_image) {
         srcRect.setSize(m_image->size());
         m_preserveAspectRatio.transformRect(paintRect, srcRect);
     } else if (RenderElement* renderer = referencedRenderer())
-        srcRect = svgFilter->absoluteTransform().mapRect(renderer->repaintRectInLocalCoordinates());
+        srcRect = filter().absoluteTransform().mapRect(renderer->repaintRectInLocalCoordinates());
 
     if (clipsToBounds())
         paintRect.intersect(maxEffectRect());
@@ -104,12 +101,11 @@ void FEImage::platformApplySoftware()
     if (!resultImage)
         return;
 
-    SVGFilter* svgFilter = toSVGFilter(&(filter()));
-    FloatRect destRect = svgFilter->absoluteTransform().mapRect(filterPrimitiveSubregion());
+    FloatRect destRect = filter().absoluteTransform().mapRect(filterPrimitiveSubregion());
 
     FloatRect srcRect;
     if (renderer)
-        srcRect = svgFilter->absoluteTransform().mapRect(renderer->repaintRectInLocalCoordinates());
+        srcRect = filter().absoluteTransform().mapRect(renderer->repaintRectInLocalCoordinates());
     else {
         srcRect = FloatRect(FloatPoint(), m_image->size());
         m_preserveAspectRatio.transformRect(destRect, srcRect);
@@ -122,7 +118,7 @@ void FEImage::platformApplySoftware()
     setResultColorSpace(ColorSpaceDeviceRGB);
 
     if (renderer) {
-        const AffineTransform& absoluteTransform = svgFilter->absoluteTransform();
+        const AffineTransform& absoluteTransform = filter().absoluteTransform();
         resultImage->context()->concatCTM(absoluteTransform);
 
         SVGElement* contextNode = toSVGElement(renderer->element());
index 24757d1..8a5ada1 100644 (file)
@@ -1,6 +1,7 @@
 /*
  * Copyright (C) 2009 Dirk Schulze <krit@webkit.org>
  * Copyright (C) Research In Motion Limited 2010. All rights reserved.
+ * Copyright (C) 2013 Google Inc. All rights reserved.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Library General Public
@@ -26,8 +27,7 @@
 namespace WebCore {
 
 SVGFilter::SVGFilter(const AffineTransform& absoluteTransform, const FloatRect& absoluteSourceDrawingRegion, const FloatRect& targetBoundingBox, const FloatRect& filterRegion, bool effectBBoxMode)
-    : Filter()
-    , m_absoluteTransform(absoluteTransform)
+    : Filter(absoluteTransform)
     , m_absoluteSourceDrawingRegion(absoluteSourceDrawingRegion)
     , m_targetBoundingBox(targetBoundingBox)
     , m_filterRegion(filterRegion)
index 4f1e7d5..ea7a065 100644 (file)
@@ -1,5 +1,6 @@
 /*
  * Copyright (C) 2009 Dirk Schulze <krit@webkit.org>
+ * Copyright (C) 2013 Google Inc. All rights reserved.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Library General Public
@@ -40,9 +41,6 @@ public:
     FloatRect filterRegionInUserSpace() const { return m_filterRegion; }
     virtual FloatRect filterRegion() const override { return m_absoluteFilterRegion; }
 
-    virtual FloatPoint mapAbsolutePointToLocalPoint(const FloatPoint& point) const override { return m_absoluteTransform.inverse().mapPoint(point); }
-    const AffineTransform& absoluteTransform() const { return m_absoluteTransform; }
-
     virtual float applyHorizontalScale(float value) const override;
     virtual float applyVerticalScale(float value) const override;
 
@@ -54,7 +52,6 @@ public:
 private:
     SVGFilter(const AffineTransform& absoluteTransform, const FloatRect& absoluteSourceDrawingRegion, const FloatRect& targetBoundingBox, const FloatRect& filterRegion, bool effectBBoxMode);
 
-    AffineTransform m_absoluteTransform;
     FloatRect m_absoluteSourceDrawingRegion;
     FloatRect m_targetBoundingBox;
     FloatRect m_absoluteFilterRegion;