Title: [226588] branches/safari-604-branch/Source/WebCore

Diff

Modified: branches/safari-604-branch/Source/WebCore/ChangeLog (226587 => 226588)


--- branches/safari-604-branch/Source/WebCore/ChangeLog	2018-01-08 23:50:58 UTC (rev 226587)
+++ branches/safari-604-branch/Source/WebCore/ChangeLog	2018-01-08 23:51:01 UTC (rev 226588)
@@ -1,3 +1,28 @@
+2018-01-05  Jason Marcell  <[email protected]>
+
+        Cherry-pick r226457. rdar://problem/36323985
+
+    2018-01-05  Said Abou-Hallawa  <[email protected]>
+
+            SVGAnimatedListPropertyTearOff::synchronizeWrappersIfNeeded() should do nothing if the property is not animating
+            https://bugs.webkit.org/show_bug.cgi?id=181316
+            <rdar://problem/36147545>
+
+            Reviewed by Simon Fraser.
+
+            This is a speculative change to fix a crash which appeared after r226065.
+            The crash is very intermittent and sometimes very hard to reproduce. The
+            basic code analysis did not show how this crash can even happen.
+
+            * svg/SVGAnimatedTypeAnimator.h:
+            (WebCore::SVGAnimatedTypeAnimator::resetFromBaseValues): For SVG property
+            with two values, e.g. <SVGAngleValue, SVGMarkerOrientType>,  we need to
+            detach the wrappers of the animated property if the animated values are
+            going to change. This is similar to what we did in resetFromBaseValue().
+
+            * svg/properties/SVGAnimatedListPropertyTearOff.h:
+            (WebCore::SVGAnimatedListPropertyTearOff::synchronizeWrappersIfNeeded):
+
 2017-12-18  Jason Marcell  <[email protected]>
 
          Apply patch. rdar://problem/36257607
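Review bot: the last file entry in this ChangeLog hunk, (WebCore::SVGAnimatedListPropertyTearOff::synchronizeWrappersIfNeeded):, has no description even though the title names it as the main change. A line saying that ASSERT(isAnimating()) is replaced by an early return when the property is not animating would make the entry self-explanatory. Since the text calls the fix speculative and says the crash is hard to reproduce, it would also help to state how the fix is expected to be confirmed.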

Modified: branches/safari-604-branch/Source/WebCore/svg/SVGAnimatedTypeAnimator.h (226587 => 226588)


--- branches/safari-604-branch/Source/WebCore/svg/SVGAnimatedTypeAnimator.h	2018-01-08 23:50:58 UTC (rev 226587)
+++ branches/safari-604-branch/Source/WebCore/svg/SVGAnimatedTypeAnimator.h	2018-01-08 23:51:01 UTC (rev 226588)
@@ -127,10 +127,14 @@
     {
         ASSERT(animatedTypes[0].properties.size() == 2);
         ASSERT(type.type() == m_type);
+        auto* firstProperty = castAnimatedPropertyToActualType<AnimValType1>(animatedTypes[0].properties[0].get());
+        auto* secondProperty =  castAnimatedPropertyToActualType<AnimValType2>(animatedTypes[0].properties[1].get());
+        firstProperty->synchronizeWrappersIfNeeded();
+        secondProperty->synchronizeWrappersIfNeeded();
 
         std::pair<typename AnimValType1::ContentType, typename AnimValType2::ContentType>& animatedTypeValue = (type.*getter)();
-        animatedTypeValue.first = castAnimatedPropertyToActualType<AnimValType1>(animatedTypes[0].properties[0].get())->currentBaseValue();
-        animatedTypeValue.second = castAnimatedPropertyToActualType<AnimValType2>(animatedTypes[0].properties[1].get())->currentBaseValue();
+        animatedTypeValue.first = firstProperty->currentBaseValue();
+        animatedTypeValue.second = secondProperty->currentBaseValue();
 
         executeAction<AnimValType1>(StartAnimationAction, animatedTypes, 0, &animatedTypeValue.first);
         executeAction<AnimValType2>(StartAnimationAction, animatedTypes, 1, &animatedTypeValue.second);
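Review bot: the two new synchronizeWrappersIfNeeded() calls run before the executeAction(StartAnimationAction, ...) calls at the end of the hunk, and nothing in the code says why the wrappers must be synchronized before currentBaseValue() is read; the reason is given only in the ChangeLog. A one-line comment above the calls would help. It is also worth confirming that neither property type can reach the list tear-off's new !isAnimating() branch from this path, since that branch still hits ASSERT_NOT_REACHED() in debug builds. Minor style point: there is a double space after the = on the secondProperty line.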

Modified: branches/safari-604-branch/Source/WebCore/svg/properties/SVGAnimatedListPropertyTearOff.h (226587 => 226588)


--- branches/safari-604-branch/Source/WebCore/svg/properties/SVGAnimatedListPropertyTearOff.h	2018-01-08 23:50:58 UTC (rev 226587)
+++ branches/safari-604-branch/Source/WebCore/svg/properties/SVGAnimatedListPropertyTearOff.h	2018-01-08 23:51:01 UTC (rev 226588)
@@ -138,7 +138,11 @@
 
     void synchronizeWrappersIfNeeded()
     {
-        ASSERT(isAnimating());
+        if (!isAnimating()) {
+            // This should never happen, but we've seen it in the field. Please comment in bug #181316 if you hit this.
+            ASSERT_NOT_REACHED();
+            return;
+        }
 
         // Eventually the wrapper list needs synchronization because any SVGAnimateLengthList::calculateAnimatedValue() call may
         // mutate the length of our values() list, and thus the wrapper() cache needs synchronization, to have the same size.
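Review bot: the new !isAnimating() branch returns silently in release builds, so the condition the comment says has been seen in the field will no longer leave any trace there, and ASSERT_NOT_REACHED() only helps debug builds. Since the ChangeLog describes the fix as speculative, consider emitting a release-build log line before the return so occurrences can still be counted. The early return also skips the synchronization that the comment just below describes as needed to keep the wrapper cache the same size as values(), so callers should be checked for tolerance of an unsynchronized cache. The comment could also cite the bug by its full URL, https://bugs.webkit.org/show_bug.cgi?id=181316, as the ChangeLog does.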
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
