Modified: trunk/LayoutTests/ChangeLog (94470 => 94471)
--- trunk/LayoutTests/ChangeLog 2011-09-03 00:41:32 UTC (rev 94470)
+++ trunk/LayoutTests/ChangeLog 2011-09-03 00:42:36 UTC (rev 94471)
@@ -1,3 +1,17 @@
+2011-09-02 Chris Marrin <[email protected]>
+
+ https://bugs.webkit.org/show_bug.cgi?id=67510
+ Crash can occur when doing a PlatformCAAnimation::copy() with no valueFunction
+
+ Reviewed by Simon Fraser.
+
+ Test to tickle crash when pause is called. Currently animation-play-state is broken
+ (https://bugs.webkit.org/show_bug.cgi?id=67540) so this test doesn't reliably
+ tickle the crash, but it does on occasion.
+
+ * animations/pause-crash-expected.txt: Added.
+ * animations/pause-crash.html: Added.
+
2011-09-02 James Robinson <[email protected]>
[chromium] Update baselines and expectations.
Added: trunk/LayoutTests/animations/pause-crash-expected.txt (0 => 94471)
--- trunk/LayoutTests/animations/pause-crash-expected.txt (rev 0)
+++ trunk/LayoutTests/animations/pause-crash-expected.txt 2011-09-03 00:42:36 UTC (rev 94471)
@@ -0,0 +1,3 @@
+Tests pause and resume animation. Should not crash. (https://bugs.webkit.org/show_bug.cgi?id=67510)
+
+Did not crash, so PASSED
Added: trunk/LayoutTests/animations/pause-crash.html (0 => 94471)
--- trunk/LayoutTests/animations/pause-crash.html (rev 0)
+++ trunk/LayoutTests/animations/pause-crash.html 2011-09-03 00:42:36 UTC (rev 94471)
@@ -0,0 +1,59 @@
+<html>
+<head>
+ <title>Pause and resume animation should not crash</title>
+ <style type="text/css" media="screen">
+ .box {
+ height: 100px;
+ width: 100px;
+ margin: 10px;
+ background-color: blue;
+ -webkit-animation-duration: 2s;
+ -webkit-animation-direction: alternate;
+ -webkit-animation-iteration-count: infinite;
+ }
+
+ @-webkit-keyframes anim {
+ from { -webkit-transform: matrix3d(1,0,0,0, 0,1,0,0, 0,0,1,0, 0,0,0,1); }
+ to { -webkit-transform: matrix3d(1,0,0,0, 0,1,0,0, 0,0,1,0, 400,0,0,1); }
+ }
+ </style>
+ <script type="text/_javascript_" charset="utf-8">
+ if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+ }
+
+ function animationStarted()
+ {
+ setTimeout(function() {
+ document.getElementById('box1').style.webkitAnimationPlayState = "paused";
+ setTimeout(function() {
+ document.getElementById('box1').style.webkitAnimationPlayState = "running";
+ setTimeout(function() {
+ document.getElementById('results').innerHTML = 'Did not crash, so PASSED';
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+ }, 50);
+ }, 50);
+ }, 50);
+ }
+
+ function startTest()
+ {
+ document.getElementById('box1').addEventListener('webkitAnimationStart', animationStarted);
+ document.getElementById('box1').style.webkitAnimationName = "anim";
+ }
+
+ window.addEventListener('load', startTest, false);
+ </script>
+</head>
+<body>
+
+<p>Tests pause and resume animation. Should not crash. (https://bugs.webkit.org/show_bug.cgi?id=67510)</p>
+
+<div id="container">
+ <div id="box1" class="box"></div>
+</div>
+<div id="results"></div>
+</body>
+</html>
Modified: trunk/Source/WebCore/ChangeLog (94470 => 94471)
--- trunk/Source/WebCore/ChangeLog 2011-09-03 00:41:32 UTC (rev 94470)
+++ trunk/Source/WebCore/ChangeLog 2011-09-03 00:42:36 UTC (rev 94471)
@@ -1,3 +1,18 @@
+2011-09-02 Chris Marrin <[email protected]>
+
+ https://bugs.webkit.org/show_bug.cgi?id=67510
+ Crash can occur when doing a PlatformCAAnimation::copy() with no valueFunction
+
+ Reviewed by Simon Fraser.
+
+ Do a null check in two places to avoid sending nulls to CACF ValueFunction API.
+
+ Test: animations/pause-crash.html
+
+ * platform/graphics/ca/win/PlatformCAAnimationWin.cpp:
+ (PlatformCAAnimation::valueFunction):
+ (PlatformCAAnimation::setValueFunction):
+
2011-09-02 Bill Budge <[email protected]>
Add a 'didDownloadData' method to ResourceLoader, SubresourceLoader,
Modified: trunk/Source/WebCore/platform/graphics/ca/win/PlatformCAAnimationWin.cpp (94470 => 94471)
--- trunk/Source/WebCore/platform/graphics/ca/win/PlatformCAAnimationWin.cpp 2011-09-03 00:41:32 UTC (rev 94470)
+++ trunk/Source/WebCore/platform/graphics/ca/win/PlatformCAAnimationWin.cpp 2011-09-03 00:42:36 UTC (rev 94471)
@@ -319,12 +319,14 @@
PlatformCAAnimation::ValueFunctionType PlatformCAAnimation::valueFunction() const
{
- return fromCACFValueFunctionType(CACFValueFunctionGetName(CACFAnimationGetValueFunction(m_animation.get())));
+ CACFValueFunctionRef func = CACFAnimationGetValueFunction(m_animation.get());
+ return func ? fromCACFValueFunctionType(CACFValueFunctionGetName(func)) : NoValueFunction;
}
void PlatformCAAnimation::setValueFunction(ValueFunctionType value)
{
- CACFAnimationSetValueFunction(m_animation.get(), CACFValueFunctionGetFunctionWithName(toCACFValueFunctionType(value)));
+ CFStringRef valueString = toCACFValueFunctionType(value);
+ CACFAnimationSetValueFunction(m_animation.get(), valueString ? CACFValueFunctionGetFunctionWithName(valueString) : 0);
}
void PlatformCAAnimation::setFromValue(float value)
