Title: [227830] branches/safari-605-branch/Source/WebCore
- Revision
- 227830
- Author
- [email protected]
- Date
- 2018-01-30 10:51:33 -0800 (Tue, 30 Jan 2018)
Log Message
Cherry-pick r227753. rdar://problem/37019534
Modified Paths
Diff
Modified: branches/safari-605-branch/Source/WebCore/ChangeLog (227829 => 227830)
--- branches/safari-605-branch/Source/WebCore/ChangeLog 2018-01-30 18:51:28 UTC (rev 227829)
+++ branches/safari-605-branch/Source/WebCore/ChangeLog 2018-01-30 18:51:33 UTC (rev 227830)
@@ -1,5 +1,33 @@
2018-01-30 Jason Marcell <[email protected]>
+ Cherry-pick r227753. rdar://problem/37019534
+
+ 2018-01-29 Antti Koivisto <[email protected]>
+
+ CalcExpressionBlendLength::evaluate hits stack limit
+ https://bugs.webkit.org/show_bug.cgi?id=182243
+
+ Reviewed by Zalan Bujtas.
+
+ Speculative fix to prevent nesting of CalcExpressionBlendLength.
+
+ No test, don't know how to make one.
+
+ * platform/CalculationValue.cpp:
+ (WebCore::CalcExpressionBlendLength::CalcExpressionBlendLength):
+
+ CalcExpressionBlendLength is only used in Length values of animated style. Normally such styles are not used
+ as input for further blending but there are some paths where this could in principle happen. Repeated
+ application (for each animation frame) could construct CalcExpressionBlendLength _expression_ that blows
+ the stack when evaluated.
+
+ Speculatively fix by flattening any nesting.
+
+ * platform/CalculationValue.h:
+ (WebCore::CalcExpressionBlendLength::CalcExpressionBlendLength): Deleted.
+
+2018-01-30 Jason Marcell <[email protected]>
+
Cherry-pick r227745. rdar://problem/37019493
2018-01-29 Chris Dumez <[email protected]>
Modified: branches/safari-605-branch/Source/WebCore/platform/CalculationValue.cpp (227829 => 227830)
--- branches/safari-605-branch/Source/WebCore/platform/CalculationValue.cpp 2018-01-30 18:51:28 UTC (rev 227829)
+++ branches/safari-605-branch/Source/WebCore/platform/CalculationValue.cpp 2018-01-30 18:51:33 UTC (rev 227830)
@@ -167,6 +167,20 @@
ts << m_length;
}
+CalcExpressionBlendLength::CalcExpressionBlendLength(Length from, Length to, float progress)
+ : CalcExpressionNode(CalcExpressionNodeBlendLength)
+ , m_from(from)
+ , m_to(to)
+ , m_progress(progress)
+{
+ // Flatten nesting of CalcExpressionBlendLength as a speculative fix for rdar://problem/30533005.
+ // CalcExpressionBlendLength is only used as a result of animation and they don't nest in normal cases.
+ if (m_from.isCalculated() && m_from.calculationValue()._expression_().type() == CalcExpressionNodeBlendLength)
+ m_from = toCalcExpressionBlendLength(m_from.calculationValue()._expression_()).from();
+ if (m_to.isCalculated() && m_to.calculationValue()._expression_().type() == CalcExpressionNodeBlendLength)
+ m_to = toCalcExpressionBlendLength(m_from.calculationValue()._expression_()).to();
+}
+
float CalcExpressionBlendLength::evaluate(float maxValue) const
{
return (1.0f - m_progress) * floatValueForLength(m_from, maxValue) + m_progress * floatValueForLength(m_to, maxValue);
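Review bot: The second flattening branch in the new constructor tests `m_to` but then casts the expression of `m_from.calculationValue()`, which looks like a copy-paste slip; that line should read from `m_to.calculationValue()` instead. By that point `m_from` may already have been reassigned by the branch above, so it may no longer be a calculated length or may hold a different node type, and nothing on that path checks the type before `toCalcExpressionBlendLength` downcasts it. Whether that helper asserts in release builds is not visible in this hunk, so treat this as a possible invalid downcast on animation-driven style data rather than only a wrong blend endpoint. If the intent is that one level of flattening is enough because every nested node was itself built by this constructor, a comment saying so would help the next reader.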
Modified: branches/safari-605-branch/Source/WebCore/platform/CalculationValue.h (227829 => 227830)
--- branches/safari-605-branch/Source/WebCore/platform/CalculationValue.h 2018-01-30 18:51:28 UTC (rev 227829)
+++ branches/safari-605-branch/Source/WebCore/platform/CalculationValue.h 2018-01-30 18:51:33 UTC (rev 227830)
@@ -219,14 +219,6 @@
return static_cast<const CalcExpressionOperation&>(value);
}
-inline CalcExpressionBlendLength::CalcExpressionBlendLength(Length from, Length to, float progress)
- : CalcExpressionNode(CalcExpressionNodeBlendLength)
- , m_from(from)
- , m_to(to)
- , m_progress(progress)
-{
-}
-
inline bool operator==(const CalcExpressionBlendLength& a, const CalcExpressionBlendLength& b)
{
return a.progress() == b.progress() && a.from() == b.from() && a.to() == b.to();