Fix panic in feComposite arithmetic with oversized filter region#1061
Open
StefanoD wants to merge 1 commit into
Open
Fix panic in feComposite arithmetic with oversized filter region#1061StefanoD wants to merge 1 commit into
StefanoD wants to merge 1 commit into
Conversation
The source pixmap of a filtered group is clamped to `max_bbox` in
`render_group`, but the filter `region` in `apply_inner` was derived
directly from the unclamped filter rect. When the filter region was
larger than the clamped buffer, `feComposite` with the `arithmetic`
operator panicked on a size mismatch, since it requires its inputs and
destination to have identical dimensions:
assertion failed: src1.height == src2.height && src1.height == dest.height
All intermediate filter images are expected to share the source's
dimensions, so clamp the region to the source bounds. This keeps every
buffer the same size and makes the affected SVG render correctly instead
of crashing (or being silently cleared).
This also fixes the `huge-region` test, whose reference image previously
captured the buggy behaviour where the filtered element disappeared; it
now renders the blurred shape correctly.
Fixes linebender#1021. Fixes linebender#1007.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
StefanoD
force-pushed
the
fix-fecomposite-arithmetic-huge-region-panic
branch
from
0fa80fd to
0e62915
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The source pixmap of a filtered group is clamped to
max_bboxinrender_group, but the filterregioninapply_innerwas derived directly from the unclamped filter rect. When the filter region was larger than the clamped buffer,feCompositewith thearithmeticoperator panicked on a size mismatch, since it requires its inputs and destination to have identical dimensions:All intermediate filter images are expected to share the source's dimensions, so clamp the region to the source bounds. This keeps every buffer the same size and makes the affected SVG render correctly instead of crashing (or being silently cleared).
This also fixes the
huge-regiontest, whose reference image previously captured the buggy behaviour where the filtered element disappeared; it now renders the blurred shape correctly.Fixes #1021. Fixes #1007.
Generated by Claude.