Title: [170862] trunk/Source
- Revision
- 170862
- Author
- simon.fra...@apple.com
- Date
- 2014-07-07 16:44:49 -0700 (Mon, 07 Jul 2014)
Log Message
[UI-side compositing] Crash when starting a filter transition on a reflected layer
https://bugs.webkit.org/show_bug.cgi?id=134694
Reviewed by Tim Horton.
Source/WebCore:
Don't call the owner if we failed to find the animation key (which actually
isn't used by PlatformCALayerMac anyway).
* platform/graphics/ca/mac/PlatformCALayerMac.mm:
(-[WebAnimationDelegate animationDidStart:]):
Source/WebKit2:
When cloned layers had animations, we would fire two animationDidStart callbacks,
but the second would pass an empty animationKey string to the web process, resulting
in a crash.
Fix by not blindly copying all layer properties when cloning PlatformCALayerRemotes,
since the clone would include addedAnimations, and then get the same animations
added on top by the caller.
Also protect against an empty animation key in the animationDidStart callback.
* UIProcess/mac/RemoteLayerTreeHost.mm:
(WebKit::RemoteLayerTreeHost::animationDidStart):
* WebProcess/WebPage/mac/PlatformCALayerRemote.cpp:
(WebKit::PlatformCALayerRemote::PlatformCALayerRemote):
(WebKit::PlatformCALayerRemote::clone): Don't copy all the properties; copy
them manually as PlatformCALayerMac does. Only copy the big things if they don't
have their default values.
(WebKit::PlatformCALayerRemote::copyFiltersFrom): Need an implementation of this
for clone() to call.
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (170861 => 170862)
--- trunk/Source/WebCore/ChangeLog 2014-07-07 23:44:42 UTC (rev 170861)
+++ trunk/Source/WebCore/ChangeLog 2014-07-07 23:44:49 UTC (rev 170862)
@@ -1,3 +1,16 @@
+2014-07-07 Simon Fraser <simon.fra...@apple.com>
+
+ [UI-side compositing] Crash when starting a filter transition on a reflected layer
+ https://bugs.webkit.org/show_bug.cgi?id=134694
+
+ Reviewed by Tim Horton.
+
+ Don't call the owner if we failed to find the animation key (which actually
+ isn't used by PlatformCALayerMac anyway).
+
+ * platform/graphics/ca/mac/PlatformCALayerMac.mm:
+ (-[WebAnimationDelegate animationDidStart:]):
+
2014-07-07 Alex Christensen <achristen...@webkit.org>
[iOS WebGL] Fix crash with too many nested glsl functions.
Modified: trunk/Source/WebCore/platform/graphics/ca/mac/PlatformCALayerMac.mm (170861 => 170862)
--- trunk/Source/WebCore/platform/graphics/ca/mac/PlatformCALayerMac.mm 2014-07-07 23:44:42 UTC (rev 170861)
+++ trunk/Source/WebCore/platform/graphics/ca/mac/PlatformCALayerMac.mm 2014-07-07 23:44:49 UTC (rev 170862)
@@ -132,7 +132,8 @@
}
}
- m_owner->animationStarted(animationKey, startTime);
+ if (!animationKey.isEmpty())
+ m_owner->animationStarted(animationKey, startTime);
}
}
Modified: trunk/Source/WebKit2/ChangeLog (170861 => 170862)
--- trunk/Source/WebKit2/ChangeLog 2014-07-07 23:44:42 UTC (rev 170861)
+++ trunk/Source/WebKit2/ChangeLog 2014-07-07 23:44:49 UTC (rev 170862)
@@ -1,3 +1,30 @@
+2014-07-07 Simon Fraser <simon.fra...@apple.com>
+
+ [UI-side compositing] Crash when starting a filter transition on a reflected layer
+ https://bugs.webkit.org/show_bug.cgi?id=134694
+
+ Reviewed by Tim Horton.
+
+ When cloned layers had animations, we would fire two animationDidStart callbacks,
+ but the second would pass an empty animationKey string to the web process, resulting
+ in a crash.
+
+ Fix by not blindly copying all layer properties when cloning PlatformCALayerRemotes,
+ since the clone would include addedAnimations, and then get the same animations
+ added on top by the caller.
+
+ Also protect against an empty animation key in the animationDidStart callback.
+
+ * UIProcess/mac/RemoteLayerTreeHost.mm:
+ (WebKit::RemoteLayerTreeHost::animationDidStart):
+ * WebProcess/WebPage/mac/PlatformCALayerRemote.cpp:
+ (WebKit::PlatformCALayerRemote::PlatformCALayerRemote):
+ (WebKit::PlatformCALayerRemote::clone): Don't copy all the properties; copy
+ them manually as PlatformCALayerMac does. Only copy the big things if they don't
+ have their default values.
+ (WebKit::PlatformCALayerRemote::copyFiltersFrom): Need an implementation of this
+ for clone() to call.
+
2014-07-07 Tim Horton <timothy_hor...@apple.com>
Nearly everything in the UIProcess "leaks" when WKWebView is torn down
Modified: trunk/Source/WebKit2/UIProcess/mac/RemoteLayerTreeHost.mm (170861 => 170862)
--- trunk/Source/WebKit2/UIProcess/mac/RemoteLayerTreeHost.mm 2014-07-07 23:44:42 UTC (rev 170861)
+++ trunk/Source/WebKit2/UIProcess/mac/RemoteLayerTreeHost.mm 2014-07-07 23:44:49 UTC (rev 170862)
@@ -148,7 +148,8 @@
}
}
- m_drawingArea.acceleratedAnimationDidStart(layerID, animationKey, startTime);
+ if (!animationKey.isEmpty())
+ m_drawingArea.acceleratedAnimationDidStart(layerID, animationKey, startTime);
}
void RemoteLayerTreeHost::clearLayers()
Modified: trunk/Source/WebKit2/WebProcess/WebPage/mac/PlatformCALayerRemote.cpp (170861 => 170862)
--- trunk/Source/WebKit2/WebProcess/WebPage/mac/PlatformCALayerRemote.cpp 2014-07-07 23:44:42 UTC (rev 170861)
+++ trunk/Source/WebKit2/WebProcess/WebPage/mac/PlatformCALayerRemote.cpp 2014-07-07 23:44:49 UTC (rev 170862)
@@ -90,7 +90,6 @@
PlatformCALayerRemote::PlatformCALayerRemote(const PlatformCALayerRemote& other, PlatformCALayerClient* owner, RemoteLayerTreeContext& context)
: PlatformCALayer(other.layerType(), owner)
- , m_properties(other.m_properties)
, m_superlayer(nullptr)
, m_maskLayer(nullptr)
, m_acceleratesDrawing(other.acceleratesDrawing())
@@ -102,8 +101,28 @@
{
RefPtr<PlatformCALayerRemote> clone = PlatformCALayerRemote::create(*this, client, *m_context);
- clone->m_properties.notePropertiesChanged(static_cast<RemoteLayerTreeTransaction::LayerChange>(m_properties.everChangedProperties & ~RemoteLayerTreeTransaction::BackingStoreChanged));
+ clone->setPosition(position());
+ clone->setBounds(bounds());
+ clone->setAnchorPoint(anchorPoint());
+ if (m_properties.transform)
+ clone->setTransform(*m_properties.transform);
+
+ if (m_properties.sublayerTransform)
+ clone->setSublayerTransform(*m_properties.sublayerTransform);
+
+ clone->setContents(contents());
+ clone->setMasksToBounds(masksToBounds());
+ clone->setDoubleSided(isDoubleSided());
+ clone->setOpaque(isOpaque());
+ clone->setBackgroundColor(backgroundColor());
+ clone->setContentsScale(contentsScale());
+#if ENABLE(CSS_FILTERS)
+ if (m_properties.filters)
+ clone->copyFiltersFrom(this);
+#endif
+ clone->updateCustomAppearance(customAppearance());
+
clone->setClonedLayer(this);
return clone.release();
}
@@ -577,7 +596,12 @@
void PlatformCALayerRemote::copyFiltersFrom(const PlatformCALayer* sourceLayer)
{
- ASSERT_NOT_REACHED();
+ if (const FilterOperations* filters = toPlatformCALayerRemote(sourceLayer)->m_properties.filters.get())
+ setFilters(*filters);
+ else if (m_properties.filters)
+ m_properties.filters = nullptr;
+
+ m_properties.notePropertiesChanged(RemoteLayerTreeTransaction::FiltersChanged);
}
#if ENABLE(CSS_COMPOSITING)
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
