Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.
Sign upContent area stuff is drawn over the chrome in Firefox #2834
Comments
|
Edit: never mind, see next comment |
|
https://bugzilla.mozilla.org/show_bug.cgi?id=1458373#c3 was a fix range.
I partly shared this assumption because #2707 fixed bug 1455839 and parts of this bug ("better: Those huge rectangles are gone.") |
|
I'll look into this today (assuming #2829 goes through without issues) |
|
Some (hopefully useful) output from the basic chasing of #2710: |
|
After another dive into gdb, I've got more clues. // If this clip's inner area contains the area of the primitive clipped
// by previous clips, then it's not going to affect rendering in any way.
if node.screen_inner_rect.contains_rect(combined_outer_rect) {
return None;
}Problem with this is that combined outer rect is constructed from the clip chain itself: let mut combined_outer_rect =
prim_screen_rect.intersection(&prim_run_context.clip_chain.combined_outer_screen_rect);As a result, this code thinks that the corresponding node has been taken into account, but what follows expect this very code to take responsibility for the proper chain rectangle. In other words, we shouldn't consider the clip chain from both ends (namely, when getting the combined outer rect and when collecting clips). cc @mrobinson |
|
@kvark Wow. Thanks for debugging this! I'll take a look at this today to see if I can make a PR. |
|
I did some more debugging on this and it seems like the |
|
@mrobinson you are correct, it's not fixing the issue. Do you see a fault in my explanation of the problem though? I may need to experiment with this a bit more, but I definitely debugged through a case where the coordinate systems of clips were different from the one of the primitive itself, and no clip tasks were generated. |
|
@kvark I'm not sure about your explanation. I tried to reproduce it with Wrench YAML, but wasn't able to come up with a test case that tickled the bug the way you described it. Not exactly sure what is going on here. |
|
@kvark Any update here? |
|
@staktrace nope, still looking at it |
|
I've been looking at the test case from "about:addons" provided by @staktrace earlier, dumping all the things and debugging through the clip chains (PRs are to follow to upstream some of that debug logic). What I found is that the clip chains of the display items in the content IFrame do not have the IFrame's clip chain as a parent. Therefore, they don't get clipped to the content region. Here is some data from the capture: Both of those clips don't affect much: The actual clip of the content is in the IFrame's clip chain: So, simply by linking the item's clip chain parent to the content clip chain we get the proper clipping here: Processed clips now: TL;DR: looks like a downstream Gecko issue with providing the clip chains. |
Chasing the clip chain An improvement over #2710 that prints out all the clips affecting our items being chased. It was useful for #2834 Example output: ``` effective clip chain from CoordinateSystemId(0) (applied) CoordinateSystemId(0) TypedRect(819.0×669.0 at (366.0,-63.0)) CoordinateSystemId(0) TypedRect(819.0×669.0 at (366.0,-63.0)) CoordinateSystemId(0) TypedRect(1027.0×339.0 at (240.0,149.0)) CoordinateSystemId(0) TypedRect(819.0×669.0 at (366.0,-63.0)) CoordinateSystemId(0) TypedRect(1284.0×413.0 at (0.0,75.0)) ``` r? anyone <!-- Reviewable:start --> --- This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/webrender/2874) <!-- Reviewable:end -->
|
(Some of this is repeated from the IRC discussion) The iframe item is sent from a different process than the iframe contents, which makes it hard for gecko to link the clip chains the way WR wants. And even if did that, a malicious content process might not do that, and gain the ability to scribble over top of the chrome, which would be bad. So it would be better if WR internally enforced that contents of an iframe cannot escape the clip on the iframe. @kvark said that this should be possible by replacing However I worry that malicious content might still be able to escape by explicitly setting a parent clip to the UI process' root clipchain instead of |
|
I filed https://bugzilla.mozilla.org/show_bug.cgi?id=1473940 to track that separately. |
|
@staktrace @kvark Iframes should already be clipping all their content to the local clip rectangle of the iframe item. WebRender explicitly creates the clip here: webrender/webrender/src/display_list_flattener.rs Lines 516 to 523 in 0e95636 This means that there should be no need to explicitly link up ClipChains between different pipelines. This is handled automatically because the root reference frame of the iframe is created as a child of this clip. |
|
@mrobinson but I don't see where this code uses
|
|
@kvark Is Gecko not passing an appropriate rectangle here for the |
|
@mrobinson yes, looks like that: cc @staktrace |
|
Gecko should be using the same rect for the |
|
@kvark I'm not sure why the clip rectangle for the item is wrong, but I just realized that now that #2871 has landed, it's quite possible for a clip node to be positioned by one node and to be a child clip of another node or even ClipChain. This means that we could theoretically do something useful with the clip part of the ClipScrollInfo. |
|
@staktrace These two rectangles should be in the same coordinate space. If not, that's a bug. |
|
@mrobinson I tried to see what the scroll node of the iFrame has, going from Is this expected? Edit: full scene RON for your reference: scene-1-0.ron.zip |
|
@kvark Is there any way that I can use this ron with wrench? |
|
@kvark If a node's parent is a clip node, the closest spatial node in the hierarchy should be used for positioning. |
|
@staktrace do you still have that (reduced) capture from windows uploaded somewhere? |
|
https://mozilla.staktrace.com/tmp/1462955.tgz is the capture I have lying around, I think that's the one I sent you earlier. |
|
@mrobinson are you planning to look at this capture, or should we take it from here? |
Inherit the clip chain of IFrame ~~This is an experiment to fix #2834 on our side by inheriting the clip chains of the iFrames.~~ Fixes #2834 ~~I really don't like the way it turns out... and the old code got me confused because the `info.clip_node_id` was completely ignored in `flatten_iframe`.~~ @mrobinson please take a look, cc @staktrace <!-- Reviewable:start --> --- This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/webrender/2875) <!-- Reviewable:end -->
https://bugzilla.mozilla.org/show_bug.cgi?id=1458373
STR: