Diff
Modified: branches/safari-613-branch/LayoutTests/ChangeLog (293119 => 293120)
--- branches/safari-613-branch/LayoutTests/ChangeLog 2022-04-20 21:47:03 UTC (rev 293119)
+++ branches/safari-613-branch/LayoutTests/ChangeLog 2022-04-20 21:47:09 UTC (rev 293120)
@@ -363,49 +363,6 @@
* fast/files/blob-with-fragment-as-frame-url-expected.txt: Added.
* fast/files/blob-with-fragment-as-frame-url.html: Added.
-2022-04-19 Alan Coon <[email protected]>
-
- Cherry-pick r291281. rdar://problem/90245637
-
- Crash in KeyframeList.cpp:183 in WebCore::KeyframeList::fillImplicitKeyframes
- https://bugs.webkit.org/show_bug.cgi?id=237858
-
- Reviewed by Antoine Quint.
-
- Source/WebCore:
-
- When filling implicit key frames, we iterate through the current keyframes (m_keyframes),
- and cache the address of the implicitZeroKeyframe and implicitOneKeyframe.
-
- However, if we're not provided with an existing implicit zero keyframe, we will create a new one
- and insert it to the list of current keyframes.
-
- This mutates m_keyframes and the old address for the implicitOneKeyframe would no longer be valid.
- Thus we should iterate through the current keyframes, after the insertion, to get the latest address.
-
- Test: animations/fill-implicit-keyframes-crash.html
-
- * rendering/style/KeyframeList.cpp:
- (WebCore::KeyframeList::fillImplicitKeyframes):
-
- LayoutTests:
-
- * animations/fill-implicit-keyframes-crash-expected.txt: Added.
- * animations/fill-implicit-keyframes-crash.html: Added.
-
-
- git-svn-id: https://svn.webkit.org/repository/webkit/trunk@291281 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
- 2022-03-15 Gabriel Nava Marino <[email protected]>
-
- Crash in KeyframeList.cpp:183 in WebCore::KeyframeList::fillImplicitKeyframes
- https://bugs.webkit.org/show_bug.cgi?id=237858
-
- Reviewed by Antoine Quint.
-
- * animations/fill-implicit-keyframes-crash-expected.txt: Added.
- * animations/fill-implicit-keyframes-crash.html: Added.
-
2022-04-18 Kocsen Chung <[email protected]>
Cherry-pick r292858. rdar://problem/90699078
Deleted: branches/safari-613-branch/LayoutTests/animations/fill-implicit-keyframes-crash-expected.txt (293119 => 293120)
--- branches/safari-613-branch/LayoutTests/animations/fill-implicit-keyframes-crash-expected.txt 2022-04-20 21:47:03 UTC (rev 293119)
+++ branches/safari-613-branch/LayoutTests/animations/fill-implicit-keyframes-crash-expected.txt 2022-04-20 21:47:09 UTC (rev 293120)
@@ -1,2 +0,0 @@
-CONSOLE MESSAGE: This test passes if it does not crash.
-
Deleted: branches/safari-613-branch/LayoutTests/animations/fill-implicit-keyframes-crash.html (293119 => 293120)
--- branches/safari-613-branch/LayoutTests/animations/fill-implicit-keyframes-crash.html 2022-04-20 21:47:03 UTC (rev 293119)
+++ branches/safari-613-branch/LayoutTests/animations/fill-implicit-keyframes-crash.html 2022-04-20 21:47:09 UTC (rev 293120)
@@ -1,23 +0,0 @@
-<!DOCTYPE html>
-<style>
- body {
- animation-name: a0;
- animation-duration: 100ms
- }
- @keyframes a0 {
- 10% {
- scale: 1
- }
- 11%, 12%, 13%, 14%, 15%, 16%, 17%, 18%, 19%, 20%, 21%, 22%, 23%, 24%, 100% {
- background: blue
- }
-
- }
-</style>
-<script>
- _onload_ = () => {
- if (window.testRunner)
- testRunner.dumpAsText();
- console.log("This test passes if it does not crash.");
- }
-</script>
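Review bot: Deleting animations/fill-implicit-keyframes-crash.html along with its -expected.txt removes the only test the ChangeLog entry names for the fillImplicitKeyframes crash, so nothing on this branch will flag the crash once the source change is backed out. If the revert is needed, consider keeping the test and marking it as an expected crash in the branch's test expectations, so the coverage returns automatically when a replacement fix lands.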
Modified: branches/safari-613-branch/Source/WebCore/ChangeLog (293119 => 293120)
--- branches/safari-613-branch/Source/WebCore/ChangeLog 2022-04-20 21:47:03 UTC (rev 293119)
+++ branches/safari-613-branch/Source/WebCore/ChangeLog 2022-04-20 21:47:09 UTC (rev 293120)
@@ -1129,60 +1129,6 @@
2022-04-19 Alan Coon <[email protected]>
- Cherry-pick r291281. rdar://problem/90245637
-
- Crash in KeyframeList.cpp:183 in WebCore::KeyframeList::fillImplicitKeyframes
- https://bugs.webkit.org/show_bug.cgi?id=237858
-
- Reviewed by Antoine Quint.
-
- Source/WebCore:
-
- When filling implicit key frames, we iterate through the current keyframes (m_keyframes),
- and cache the address of the implicitZeroKeyframe and implicitOneKeyframe.
-
- However, if we're not provided with an existing implicit zero keyframe, we will create a new one
- and insert it to the list of current keyframes.
-
- This mutates m_keyframes and the old address for the implicitOneKeyframe would no longer be valid.
- Thus we should iterate through the current keyframes, after the insertion, to get the latest address.
-
- Test: animations/fill-implicit-keyframes-crash.html
-
- * rendering/style/KeyframeList.cpp:
- (WebCore::KeyframeList::fillImplicitKeyframes):
-
- LayoutTests:
-
- * animations/fill-implicit-keyframes-crash-expected.txt: Added.
- * animations/fill-implicit-keyframes-crash.html: Added.
-
-
- git-svn-id: https://svn.webkit.org/repository/webkit/trunk@291281 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
- 2022-03-15 Gabriel Nava Marino <[email protected]>
-
- Crash in KeyframeList.cpp:183 in WebCore::KeyframeList::fillImplicitKeyframes
- https://bugs.webkit.org/show_bug.cgi?id=237858
-
- Reviewed by Antoine Quint.
-
- When filling implicit key frames, we iterate through the current keyframes (m_keyframes),
- and cache the address of the implicitZeroKeyframe and implicitOneKeyframe.
-
- However, if we're not provided with an existing implicit zero keyframe, we will create a new one
- and insert it to the list of current keyframes.
-
- This mutates m_keyframes and the old address for the implicitOneKeyframe would no longer be valid.
- Thus we should iterate through the current keyframes, after the insertion, to get the latest address.
-
- Test: animations/fill-implicit-keyframes-crash.html
-
- * rendering/style/KeyframeList.cpp:
- (WebCore::KeyframeList::fillImplicitKeyframes):
-
-2022-04-19 Alan Coon <[email protected]>
-
Cherry-pick r290201. rdar://problem/88672183
REGRESSION (r287524): hihello.me does not show sliding sheet at the bottom of the page
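Review bot: No entry is added in place of the removed "Cherry-pick r291281" text, so the branch ChangeLog keeps no record that the fix for bug 237858 was backed out or why. Add a short entry that names the reverted revision (r291281), the radar (rdar://problem/90245637) and the reason for the revert, so a later reader does not assume the crash fix is still present on safari-613-branch.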
Modified: branches/safari-613-branch/Source/WebCore/rendering/style/KeyframeList.cpp (293119 => 293120)
--- branches/safari-613-branch/Source/WebCore/rendering/style/KeyframeList.cpp 2022-04-20 21:47:03 UTC (rev 293119)
+++ branches/safari-613-branch/Source/WebCore/rendering/style/KeyframeList.cpp 2022-04-20 21:47:09 UTC (rev 293120)
@@ -168,6 +168,11 @@
zeroKeyframeImplicitProperties.remove(cssPropertyId);
if (!implicitZeroKeyframe && isSuitableKeyframeForImplicitValues(keyframe))
implicitZeroKeyframe = &keyframe;
+ } else if (keyframe.key() == 1) {
+ for (auto cssPropertyId : keyframe.properties())
+ oneKeyframeImplicitProperties.remove(cssPropertyId);
+ if (!implicitOneKeyframe && isSuitableKeyframeForImplicitValues(keyframe))
+ implicitOneKeyframe = &keyframe;
}
}
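Review bot: `implicitOneKeyframe = &keyframe;` in the added `else if (keyframe.key() == 1)` branch caches the address of a list element before the later `addImplicitKeyframe(0, ...)` call, and the ChangeLog text removed in this same revision states that this insertion mutates m_keyframes and leaves the old address invalid. If the lookup has to stay in this first loop, record the key or position of the suitable keyframe instead of its address and resolve it to a reference only after the zero keyframe has been added.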
@@ -197,16 +202,6 @@
if (!zeroKeyframeImplicitProperties.isEmpty())
addImplicitKeyframe(0, zeroKeyframeImplicitProperties, zeroPercentKeyframe(), implicitZeroKeyframe);
-
- for (auto& keyframe : m_keyframes) {
- if (keyframe.key() == 1) {
- for (auto cssPropertyId : keyframe.properties())
- oneKeyframeImplicitProperties.remove(cssPropertyId);
- if (!implicitOneKeyframe && isSuitableKeyframeForImplicitValues(keyframe))
- implicitOneKeyframe = &keyframe;
- }
- }
-
if (!oneKeyframeImplicitProperties.isEmpty())
addImplicitKeyframe(1, oneKeyframeImplicitProperties, hundredPercentKeyframe(), implicitOneKeyframe);
}
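Review bot: With the `for (auto& keyframe : m_keyframes)` loop after `addImplicitKeyframe(0, ...)` removed, the `implicitOneKeyframe` passed to `addImplicitKeyframe(1, ...)` is the pointer taken before the insertion, which is the condition the removed ChangeLog entry gives as the cause of the crash at KeyframeList.cpp:183. Keep the re-scan after the zero keyframe is inserted, or, if backing out r291281 is intentional, land the replacement fix in the same revision so the branch is not left with a pointer that is used after the list has changed.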