Skip to site navigation (Press enter)

[webkit-changes] [239174] trunk

bfulgham Thu, 13 Dec 2018 12:31:17 -0800

Title: [239174] trunk

Revision: 239174
Author: bfulg...@apple.com
Date: 2018-12-13 12:30:01 -0800 (Thu, 13 Dec 2018)

Log Message

Don't attempt to animate invalid CSS properties
https://bugs.webkit.org/show_bug.cgi?id=192630
<rdar://problem/46664433>


Reviewed by Antoine Quint.

Source/WebCore:

Inherited animation properties can cause child elements to think they need to animate CSS properties
that they do not support, leading to nullptr crashes.

Recognize that CSSPropertyInvalid is a potential requested animation property, and handle it
cleanly.

Tests: animations/invalid-property-animation.html

* page/animation/CompositeAnimation.cpp:
(WebCore::CompositeAnimation::updateTransitions):
* svg/SVGAnimateElementBase.cpp:
(WebCore::SVGAnimateElementBase::calculateAnimatedValue):

LayoutTests:

* animations/invalid-property-animation-expected.txt: Added.
* animations/invalid-property-animation.html: Added.

Modified Paths

trunk/LayoutTests/ChangeLog
trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/page/animation/CompositeAnimation.cpp

Added Paths

trunk/LayoutTests/animations/invalid-property-animation-expected.txt
trunk/LayoutTests/animations/invalid-property-animation.html

Diff

Modified: trunk/LayoutTests/ChangeLog (239173 => 239174)


--- trunk/LayoutTests/ChangeLog	2018-12-13 19:56:44 UTC (rev 239173)
+++ trunk/LayoutTests/ChangeLog	2018-12-13 20:30:01 UTC (rev 239174)
@@ -1,3 +1,14 @@
+2018-12-13  Brent Fulgham  <bfulg...@apple.com>
+
+        Don't attempt to animate invalid CSS properties
+        https://bugs.webkit.org/show_bug.cgi?id=192630
+        <rdar://problem/46664433>
+
+        Reviewed by Antoine Quint.
+
+        * animations/invalid-property-animation-expected.txt: Added.
+        * animations/invalid-property-animation.html: Added.
+
 2018-12-13  Eric Carlson  <eric.carl...@apple.com>
 
         [MediaStream] Calculate width or height when constraints contain only the other

Added: trunk/LayoutTests/animations/invalid-property-animation-expected.txt (0 => 239174)


--- trunk/LayoutTests/animations/invalid-property-animation-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/animations/invalid-property-animation-expected.txt	2018-12-13 20:30:01 UTC (rev 239174)
@@ -0,0 +1,3 @@
+The test passes if it does not crash.
+
+

Added: trunk/LayoutTests/animations/invalid-property-animation.html (0 => 239174)


--- trunk/LayoutTests/animations/invalid-property-animation.html	                        (rev 0)
+++ trunk/LayoutTests/animations/invalid-property-animation.html	2018-12-13 20:30:01 UTC (rev 239174)
@@ -0,0 +1,19 @@
+<!DOCTYPE html> 
+<html>
+<head>
+<script>
+function runTest() {
+    if (window.testRunner) {
+        testRunner.dumpAsText(true);
+        internals.updateLayoutIgnorePendingStylesheetsAndRunPostLayoutTasks();
+    }
+}
+</script>
+</head>
+<body _onload_="runTest()">
+    <p>The test passes if it does not crash.</p>
+    <button style="transition: width">
+        <embed style="transition-delay: inherit" src=""
+    </button>
+</body>
+</html>

Modified: trunk/Source/WebCore/ChangeLog (239173 => 239174)


--- trunk/Source/WebCore/ChangeLog	2018-12-13 19:56:44 UTC (rev 239173)
+++ trunk/Source/WebCore/ChangeLog	2018-12-13 20:30:01 UTC (rev 239174)
@@ -1,3 +1,24 @@
+2018-12-13  Brent Fulgham  <bfulg...@apple.com>
+
+        Don't attempt to animate invalid CSS properties
+        https://bugs.webkit.org/show_bug.cgi?id=192630
+        <rdar://problem/46664433>
+
+        Reviewed by Antoine Quint.
+
+        Inherited animation properties can cause child elements to think they need to animate CSS properties
+        that they do not support, leading to nullptr crashes.
+
+        Recognize that CSSPropertyInvalid is a potential requested animation property, and handle it
+        cleanly.
+
+        Tests: animations/invalid-property-animation.html
+
+        * page/animation/CompositeAnimation.cpp:
+        (WebCore::CompositeAnimation::updateTransitions):
+        * svg/SVGAnimateElementBase.cpp:
+        (WebCore::SVGAnimateElementBase::calculateAnimatedValue):
+
 2018-12-13  Timothy Hatcher  <timo...@apple.com>
 
         REGRESSION (r230064): Focus rings on webpages are fainter than in native UI.

Modified: trunk/Source/WebCore/page/animation/CompositeAnimation.cpp (239173 => 239174)


--- trunk/Source/WebCore/page/animation/CompositeAnimation.cpp	2018-12-13 19:56:44 UTC (rev 239173)
+++ trunk/Source/WebCore/page/animation/CompositeAnimation.cpp	2018-12-13 20:30:01 UTC (rev 239174)
@@ -115,6 +115,12 @@
                         continue;
                 }
 
+                if (prop == CSSPropertyInvalid) {
+                    if (!all)
+                        break;
+                    continue;
+                }
+                
                 // ImplicitAnimations are always hashed by actual properties, never animateAll.
                 ASSERT(prop >= firstCSSProperty && prop < (firstCSSProperty + numCSSProperties));

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes