From 65b65c54baa9fcc36298f06a7bca808b2ac967e7 Mon Sep 17 00:00:00 2001 From: Connor Brewster Date: Wed, 10 Jul 2019 22:37:44 +0000 Subject: [PATCH] Bug 1555483 - Part 4: Sanitize filter primitives r=gw Differential Revision: https://phabricator.services.mozilla.com/D35741 --HG-- extra : moz-landing-system : lando --- .../webrender/src/display_list_flattener.rs | 5 ++ gfx/wr/webrender_api/src/display_item.rs | 51 +++++++++++++++++++ 2 files changed, 56 insertions(+) diff --git a/gfx/wr/webrender/src/display_list_flattener.rs b/gfx/wr/webrender/src/display_list_flattener.rs index 4af0018de746..43f099454b64 100644 --- a/gfx/wr/webrender/src/display_list_flattener.rs +++ b/gfx/wr/webrender/src/display_list_flattener.rs @@ -1998,6 +1998,11 @@ impl<'a> DisplayListFlattener<'a> { }) .collect(); + // Sanitize filter inputs + for primitive in &mut stacking_context.composite_ops.filter_primitives { + primitive.sanitize(); + } + let composite_mode = PictureCompositeMode::SvgFilter( stacking_context.composite_ops.filter_primitives, filter_datas, diff --git a/gfx/wr/webrender_api/src/display_item.rs b/gfx/wr/webrender_api/src/display_item.rs index dd2465bb5f7d..8c820c152bf2 100644 --- a/gfx/wr/webrender_api/src/display_item.rs +++ b/gfx/wr/webrender_api/src/display_item.rs @@ -744,6 +744,15 @@ pub struct FloodPrimitive { pub color: ColorF, } +impl FloodPrimitive { + pub fn sanitize(&mut self) { + self.color.r = self.color.r.min(1.0).max(0.0); + self.color.g = self.color.g.min(1.0).max(0.0); + self.color.b = self.color.b.min(1.0).max(0.0); + self.color.a = self.color.a.min(1.0).max(0.0); + } +} + #[repr(C)] #[derive(Clone, Debug, Deserialize, PartialEq, Serialize)] pub struct BlurPrimitive { @@ -751,6 +760,12 @@ pub struct BlurPrimitive { pub radius: f32, } +impl BlurPrimitive { + pub fn sanitize(&mut self) { + self.radius = self.radius.min(MAX_BLUR_RADIUS); + } +} + #[repr(C)] #[derive(Clone, Debug, Deserialize, PartialEq, Serialize)] pub struct OpacityPrimitive { @@ -758,6 +773,12 @@ pub struct OpacityPrimitive { pub opacity: f32, } +impl OpacityPrimitive { + pub fn sanitize(&mut self) { + self.opacity = self.opacity.min(1.0).max(0.0); + } +} + /// cbindgen:derive-eq=false #[repr(C)] #[derive(Clone, Debug, Deserialize, PartialEq, Serialize)] @@ -773,6 +794,12 @@ pub struct DropShadowPrimitive { pub shadow: Shadow, } +impl DropShadowPrimitive { + pub fn sanitize(&mut self) { + self.shadow.blur_radius = self.shadow.blur_radius.min(MAX_BLUR_RADIUS); + } +} + #[repr(C)] #[derive(Clone, Debug, Deserialize, PartialEq, Serialize)] pub struct ComponentTransferPrimitive { @@ -803,6 +830,24 @@ pub enum FilterPrimitiveKind { ComponentTransfer(ComponentTransferPrimitive), } +impl FilterPrimitiveKind { + pub fn sanitize(&mut self) { + match self { + FilterPrimitiveKind::Flood(flood) => flood.sanitize(), + FilterPrimitiveKind::Blur(blur) => blur.sanitize(), + FilterPrimitiveKind::Opacity(opacity) => opacity.sanitize(), + FilterPrimitiveKind::DropShadow(drop_shadow) => drop_shadow.sanitize(), + + // No sanitization needed. + FilterPrimitiveKind::Identity(..) | + FilterPrimitiveKind::Blend(..) | + FilterPrimitiveKind::ColorMatrix(..) | + // Component transfer's filter data is sanitized separately. + FilterPrimitiveKind::ComponentTransfer(..) => {} + } + } +} + /// SVG Filter Primitive. /// See: https://github.com/eqrion/cbindgen/issues/9 /// cbindgen:derive-eq=false @@ -813,6 +858,12 @@ pub struct FilterPrimitive { pub color_space: ColorSpace, } +impl FilterPrimitive { + pub fn sanitize(&mut self) { + self.kind.sanitize(); + } +} + /// CSS filter. #[repr(C)] #[derive(Clone, Debug, PartialEq, Deserialize, Serialize)]