ASAN_TRAP | WTF::Vector::expandCapacity; WTF::Vector::expandCapacity;…

… WTF::Vector::appendSlowCase

https://bugs.webkit.org/show_bug.cgi?id=271904
rdar://125579928

Reviewed by Antti Koivisto.

For https://bugs.webkit.org/show_bug.cgi?id=264639 a fix was done to deal with repeating gradients
where a tiny offset range was repeated, causing a large number of items to be added to the stop vector.
That fix does not apply when the offset range is reasonable but the maxExtent is large. So, also take the
maxExtent into account when deciding whether to produce extra gradient stops.

* LayoutTests/fast/css/repeating-radial-gradient-small-range-large-extent-expected.txt: Added.
* LayoutTests/fast/css/repeating-radial-gradient-small-range-large-extent.html: Added.
* Source/WebCore/rendering/style/StyleGradientImage.cpp:
(WebCore::StyleGradientImage::computeStops const):

Originally-landed-as: 274097.16@webkit-2024.2-embargoed (c2f3e54dfeed). rdar://128555839
Canonical link: https://commits.webkit.org/279229@main

LayoutTests/fast/css/repeating-radial-gradient-small-range-large-extent-expected.txt

@@ -0,0 +1,4 @@
+This test passess if it doesn't crash.
+Repeating Gradient With Many Stops
+Repeating Gradient With Many Stops
+Repeating Gradient With Many Stops

LayoutTests/fast/css/repeating-radial-gradient-small-range-large-extent.html

@@ -0,0 +1,23 @@
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText();
+</script>
+<style>
+.repeating-gradient-with-suffix-stops {
+    background: repeating-radial-gradient(circle at center, red 0%, green 0.01%);
+}
+.repeating-gradient-with-prefix-stops {
+    background: repeating-radial-gradient(circle at center, red 99.99%, green 100%);
+}
+.repeating-gradient-with-prefix-and-suffix-stops {
+    background: repeating-radial-gradient(circle at center, red 50%, green 50.01%);
+}
+div {
+    width: 200px;
+    height: 200000px;
+}
+</style>
+<div>This test passess if it doesn't crash.</div>
+<div class="repeating-gradient-with-suffix-stops">Repeating Gradient With Many Stops</div>
+<div class="repeating-gradient-with-prefix-stops">Repeating Gradient With Many Stops</div>
+<div class="repeating-gradient-with-prefix-and-suffix-stops">Repeating Gradient With Many Stops</div>

Source/WebCore/rendering/style/StyleGradientImage.cpp

@@ -568,9 +568,12 @@ GradientColorStops StyleGradientImage::computeStops(GradientAdapter& gradientAda
     // We can't just push this logic down into the platform-specific Gradient code,
     // because we have to know the extent of the gradient, and possible move the end points.
     if (repeating == CSSGradientRepeat::Repeating && numberOfStops > 1) {
+        float maxExtent = gradientAdapter.maxExtent(maxLengthForRepeat, gradientLength);
         // If the difference in the positions of the first and last color-stops is 0,
         // the gradient defines a solid-color image with the color of the last color-stop in the rule.
         float gradientRange = *stops.last().offset - *stops.first().offset;
+        if (maxExtent > 1)
+            gradientRange /= maxExtent;
         if (!gradientRange) {
             stops.first().offset = 0;
             stops.first().color = stops.last().color;
@@ -587,7 +590,6 @@ GradientColorStops StyleGradientImage::computeStops(GradientAdapter& gradientAda
         } else {
             // Since the gradient range is deemed big enough, the amount of necessary stops is
             // calculated for both the [0, first-offset] and the [last-offset, maxExtent] ranges.
-            float maxExtent = gradientAdapter.maxExtent(maxLengthForRepeat, gradientLength);
             CheckedSize numberOfGeneratedStopsBeforeFirst;
             CheckedSize numberOfGeneratedStopsAfterLast;