text-shadow with huge blur makes Firefox very slow

Status: RESOLVED FIXED

Type: defect
Priority: --
Severity: critical
10 years ago
9 years ago

Reporter: Daniel-Jaeger
Assigned: ventnor.bugzilla
Tracking keywords: css3, dev-doc-complete
Firefox Tracking Flags: Not tracked
Attachments: 2

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)

A possible buffer overflow when you enter large numbers into the CSS3 text-shadow option, which causes the browser to jerk!

Reproducible: Always

Steps to Reproduce:
1. Create an input field
2. Set the text-shadow with CSS like: text-shadow:#000000 10px 10px 100000px;
3. The last number has to be very big

Actual Results:
Firefox gets 99% system usage and is jerking!

Expected Results:
Hmm... doesn't show such big shadows!
Keywords: css3
Priority: -- → P5
Priority: P5 → --
Component: Style System (CSS) → Layout: Text
QA Contact: style-system → layout.fonts-and-text
Buffer overflow would mean a crash, wouldn't it?

Cairo can deal with surfaces that are too large and we respect that. I think this surface probably isn't over the limit and Firefox is trying to do the shadow as normal, hence the jerking and 99%.
We should probably just cap the blur-radius at 200px or something. Anyone using a value larger than that is just trying to mess with us.
Posted patch: Patch
Attachment #403098 - Flags: review?(roc)
I removed that RoundOut because it's not necessary, it happens in gfxBlur.
How about we limit it earlier so we get a decreased overflow area as well?
Posted patch: Patch 2
I heavily doubt this bug is a security issue, it seems to me the browser's just doing too much work.
Attachment #403098 - Attachment is obsolete: true
Attachment #403663 - Flags: review?(roc)
Attachment #403098 - Flags: review?(roc)
Comment on attachment 403663
Patch 2

style system -> dbaron

Probably want to cover text-overflow as well, though.
Attachment #403663 - Flags: review?(roc) → review?(dbaron)
From a style system perspective, I'd rather the clamping happen outside (after) the style system, especially if there's only a single point there where it would need to be done, which I hope there is in this case.
Comment on attachment 403098
Patch

Alright let's take this patch, and we can also take another patch to fix the overflow area.
Attachment #403098 - Attachment is obsolete: false
Attachment #403098 - Flags: review+
Attachment #403663 - Flags: review?(dbaron) → review-
Comment on attachment 403663
Patch 2

Minusing since I think we decided to take the other patch.

(Also, I can imagine people wanting blurs of similar size to the screen...)
Summary: Maybe a Bufferoverflow with Text-Shadow in Input-Fields → text-shadow with huge blur makes Firefox very slow
No evidence of a security problem.
Assignee: nobody → ventnor.bugzilla
Group: core-security
Status: UNCONFIRMED → NEW
Ever confirmed: true
On http://50226.de/ I'm using text-shadow (the title links) in the pseudo-class :hover with the following CSS: .entry h2 a {text-shadow:0 0 5px #FFF;}

As you can see, the hover effect is extremely slow and the load (on a Core 2 Duo 6400, Windows 7 64, Firefox 3.6) goes up to 50%.

Other browsers like Chromium don't show this issue.
Witold, can you file a new bug on that and CC me? I suspect the problem on your site is not text-shadow, but box-shadow plus the fact that hovering those headers repaints the entire page (not sure why that is).
Whiteboard: [needs landing]
Michael, do you want to check this in yourself, or do you want me to do it?
Whiteboard: [needs landing]
http://hg.mozilla.org/mozilla-central/rev/b88494638342
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Keywords: dev-doc-needed
Duplicate of this bug: 543649
Duplicate of this bug: 598130
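
The two clamping points debated in the thread, as a simplified model (an added example, not code from either patch or from Gecko). Every name is hypothetical, the 200px cap is the figure floated in the comments rather than a confirmed landed value, and the 150x20 box is a constructed sample. It shows that clamping only at paint time bounds the blur work while the overflow area still follows the unclamped radius.

```cpp
// Added illustration: a simplified model, not Gecko code. All names are hypothetical.
#include <algorithm>
#include <cstdint>

// Assumption: 200px is the cap suggested in the thread, not a confirmed landed value.
constexpr int32_t kMaxBlurRadius = 200;

struct Size { int64_t w, h; };

// Where the cap is applied: nowhere, only when painting, or already in the style system.
enum class ClampPoint { None, PaintOnly, StyleSystem };

int32_t Clamp(int32_t radius) {
  return std::min<int32_t>(std::max<int32_t>(radius, 0), kMaxBlurRadius);
}

// Radius as it leaves the style system (the computed value).
int32_t ComputedRadius(int32_t specified, ClampPoint p) {
  return p == ClampPoint::StyleSystem ? Clamp(specified) : specified;
}

// Radius actually used to size and blur the shadow surface.
int32_t PaintRadius(int32_t specified, ClampPoint p) {
  int32_t computed = ComputedRadius(specified, p);
  return p == ClampPoint::None ? computed : Clamp(computed);
}

// A box grown by `radius` on every side; 64-bit so 2 * radius cannot overflow.
Size Inflate(Size text, int32_t radius) {
  int64_t r = std::max<int32_t>(radius, 0);
  return {text.w + 2 * r, text.h + 2 * r};
}

// Overflow area: in this model, layout derives it from the computed style.
Size OverflowArea(Size text, int32_t specified, ClampPoint p) {
  return Inflate(text, ComputedRadius(specified, p));
}

// Pixels the blur pass has to touch for one shadow.
int64_t BlurPixels(Size text, int32_t specified, ClampPoint p) {
  Size s = Inflate(text, PaintRadius(specified, p));
  return s.w * s.h;
}

int main() {
  const Size input{150, 20};        // constructed sample: a small input field
  const int32_t reported = 100000;  // blur radius from the bug report
  return BlurPixels(input, reported, ClampPoint::PaintOnly) == 550 * 420 ? 0 : 1;
}
```

With the reported 100000px radius, the unclamped model blurs about 4 x 10^10 pixels per shadow, against 231000 once the radius is capped at paint time.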