Skip to site navigation (Press enter)

[webkit-changes] [250737] trunk/Source/WebCore

commit-queue Fri, 04 Oct 2019 12:30:59 -0700

Title: [250737] trunk/Source/WebCore

Revision: 250737
Author: commit-qu...@webkit.org
Date: 2019-10-04 12:29:36 -0700 (Fri, 04 Oct 2019)

Log Message

Crash in debug build with imported/w3c/web-platform-tests/web-animations/timing-model/timelines/update-and-send-events-replacement.html
https://bugs.webkit.org/show_bug.cgi?id=202583


Patch by Antoine Quint <grao...@apple.com> on 2019-10-04
Reviewed by Dean Jackson.

Ensure we remove the animation from the timeline it's currently associated with since it may have changed since its creation. This caused
a crash because we have an assertion in AnimationTimeline::removeAnimation() to check that the animation belonged to the timeline it's called on.

* animation/DocumentTimeline.cpp:
(WebCore::DocumentTimeline::removeReplacedAnimations):

Modified Paths

trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/animation/DocumentTimeline.cpp

Diff

Modified: trunk/Source/WebCore/ChangeLog (250736 => 250737)


--- trunk/Source/WebCore/ChangeLog	2019-10-04 19:28:07 UTC (rev 250736)
+++ trunk/Source/WebCore/ChangeLog	2019-10-04 19:29:36 UTC (rev 250737)
@@ -1,3 +1,16 @@
+2019-10-04  Antoine Quint  <grao...@apple.com>
+
+        Crash in debug build with imported/w3c/web-platform-tests/web-animations/timing-model/timelines/update-and-send-events-replacement.html
+        https://bugs.webkit.org/show_bug.cgi?id=202583
+
+        Reviewed by Dean Jackson.
+
+        Ensure we remove the animation from the timeline it's currently associated with since it may have changed since its creation. This caused
+        a crash because we have an assertion in AnimationTimeline::removeAnimation() to check that the animation belonged to the timeline it's called on.
+
+        * animation/DocumentTimeline.cpp:
+        (WebCore::DocumentTimeline::removeReplacedAnimations):
+
 2019-10-04  Tim Horton  <timothy_hor...@apple.com>
 
         Clean up some includes to make the build a bit faster: DOMPromise

Modified: trunk/Source/WebCore/animation/DocumentTimeline.cpp (250736 => 250737)


--- trunk/Source/WebCore/animation/DocumentTimeline.cpp	2019-10-04 19:28:07 UTC (rev 250736)
+++ trunk/Source/WebCore/animation/DocumentTimeline.cpp	2019-10-04 19:29:36 UTC (rev 250737)
@@ -492,8 +492,10 @@
         }
     }
 
-    for (auto& animation : animationsToRemove)
-        removeAnimation(*animation);
+    for (auto& animation : animationsToRemove) {
+        if (auto* timeline = animation->timeline())
+            timeline->removeAnimation(*animation);
+    }
 }
 
 void DocumentTimeline::transitionDidComplete(RefPtr<CSSTransition> transition)

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes