Title: [237868] trunk/Source/WebCore
- Revision
- 237868
- Author
- grao...@webkit.org
- Date
- 2018-11-06 09:44:40 -0800 (Tue, 06 Nov 2018)
Log Message
[Web Animations] transitions/remove-transition-style.html crashes with GuardMalloc on
https://bugs.webkit.org/show_bug.cgi?id=191304
<rdar://problem/45819476>
Reviewed by Dean Jackson.
Ensure we remove animations from the m_allAnimations ListHashSet upon destruction.
* animation/AnimationTimeline.cpp:
(WebCore::AnimationTimeline::forgetAnimation):
(WebCore::AnimationTimeline::cancelDeclarativeAnimation):
* animation/AnimationTimeline.h:
* animation/DocumentTimeline.cpp:
(WebCore::DocumentTimeline::getAnimations const):
* animation/WebAnimation.cpp:
(WebCore::WebAnimation::~WebAnimation):
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (237867 => 237868)
--- trunk/Source/WebCore/ChangeLog 2018-11-06 16:14:27 UTC (rev 237867)
+++ trunk/Source/WebCore/ChangeLog 2018-11-06 17:44:40 UTC (rev 237868)
@@ -1,3 +1,22 @@
+2018-11-06 Antoine Quint <grao...@apple.com>
+
+ [Web Animations] transitions/remove-transition-style.html crashes with GuardMalloc on
+ https://bugs.webkit.org/show_bug.cgi?id=191304
+ <rdar://problem/45819476>
+
+ Reviewed by Dean Jackson.
+
+ Ensure we remove animations from the m_allAnimations ListHashSet upon destruction.
+
+ * animation/AnimationTimeline.cpp:
+ (WebCore::AnimationTimeline::forgetAnimation):
+ (WebCore::AnimationTimeline::cancelDeclarativeAnimation):
+ * animation/AnimationTimeline.h:
+ * animation/DocumentTimeline.cpp:
+ (WebCore::DocumentTimeline::getAnimations const):
+ * animation/WebAnimation.cpp:
+ (WebCore::WebAnimation::~WebAnimation):
+
2018-11-06 Youenn Fablet <you...@apple.com>
RealtimeOutgoingAudioSourceCocoa should unobserve its source at destruction time
Modified: trunk/Source/WebCore/animation/AnimationTimeline.cpp (237867 => 237868)
--- trunk/Source/WebCore/animation/AnimationTimeline.cpp 2018-11-06 16:14:27 UTC (rev 237867)
+++ trunk/Source/WebCore/animation/AnimationTimeline.cpp 2018-11-06 17:44:40 UTC (rev 237868)
@@ -55,6 +55,11 @@
{
}
+void AnimationTimeline::forgetAnimation(WebAnimation* animation)
+{
+ m_allAnimations.remove(animation);
+}
+
void AnimationTimeline::animationTimingDidChange(WebAnimation& animation)
{
if (m_animations.add(&animation)) {
Modified: trunk/Source/WebCore/animation/AnimationTimeline.h (237867 => 237868)
--- trunk/Source/WebCore/animation/AnimationTimeline.h 2018-11-06 16:14:27 UTC (rev 237867)
+++ trunk/Source/WebCore/animation/AnimationTimeline.h 2018-11-06 17:44:40 UTC (rev 237868)
@@ -48,6 +48,7 @@
public:
bool isDocumentTimeline() const { return m_classType == DocumentTimelineClass; }
+ void forgetAnimation(WebAnimation*);
virtual void animationTimingDidChange(WebAnimation&);
virtual void removeAnimation(WebAnimation&);
Modified: trunk/Source/WebCore/animation/DocumentTimeline.cpp (237867 => 237868)
--- trunk/Source/WebCore/animation/DocumentTimeline.cpp 2018-11-06 16:14:27 UTC (rev 237867)
+++ trunk/Source/WebCore/animation/DocumentTimeline.cpp 2018-11-06 17:44:40 UTC (rev 237868)
@@ -131,7 +131,7 @@
// First, let's get all qualifying animations in their right group.
for (const auto& animation : m_allAnimations) {
- if (!animation || !animation->isRelevant() || animation->timeline() != this || !is<KeyframeEffect>(animation->effect()))
+ if (!animation->isRelevant() || animation->timeline() != this || !is<KeyframeEffect>(animation->effect()))
continue;
auto* target = downcast<KeyframeEffect>(animation->effect())->target();
Modified: trunk/Source/WebCore/animation/WebAnimation.cpp (237867 => 237868)
--- trunk/Source/WebCore/animation/WebAnimation.cpp 2018-11-06 16:14:27 UTC (rev 237867)
+++ trunk/Source/WebCore/animation/WebAnimation.cpp 2018-11-06 17:44:40 UTC (rev 237868)
@@ -68,6 +68,8 @@
WebAnimation::~WebAnimation()
{
+ if (m_timeline)
+ m_timeline->forgetAnimation(this);
}
void WebAnimation::remove()
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
