Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 41db051039b0b4670106dc3937a4c8598c39ea48
https://github.com/WebKit/WebKit/commit/41db051039b0b4670106dc3937a4c8598c39ea48
Author: Ahmad Saleem <ahmad.saleem792+git...@gmail.com>
Date: 2023-03-31 (Fri, 31 Mar 2023)

Changed paths:
A LayoutTests/svg/animations/simple-duration-mutation-crash-expected.txt
A LayoutTests/svg/animations/simple-duration-mutation-crash.html
M Source/WebCore/svg/animation/SVGSMILElement.cpp

Log Message:
-----------
Make SMIL interval position calculations more resilient
https://bugs.webkit.org/show_bug.cgi?id=254702

Reviewed by Simon Fraser.

Merge - https://chromium.googlesource.com/chromium/src.git/+/c9db58439d9c5218b26640fa65780d6dd505734c

When 'dur' is mutated, all dependent state is not updated at once, but rather lazily. This means that we can get into an inconsistent state where some timing parameters have been applied while some have not, and code that uses - and thus realizes - the state changes will be first to observe them. This can for instance lead to an interval position of NaN being computed, which would wreak havoc when computing values.

For the specific case, we'd first get an 'indefinite' simple duration and compute an interval thereafter. When 'dur' is then modified to a finite value the simple duration will not be updated until the next frame is computed (triggered by mutation of 'end'), leaving us with a valid/finite simple duration but an infinite interval. (This then results in arithmetic with Inf, yielding a NaN value for |percent|.)

Properly updating all the interval computation state on mutations is a somewhat involved task, so paper over it for now by computing the (last) active duration differently depending on the case we're in.

While this change is a bit of a workaround, it should be a perfectly reasonable change on its own.

* Source/WebCore/svg/animations/SVGSMILElement.cpp:
(SVGSMILElement::calculateAnimationPercentAndRepeat): Update 'percent'
* LayoutTests/svg/animations/simple-duration-mutation-crash.html: Add Test Case
* LayoutTests/svg/animations/simple-duration-mutation-crash-expected.txt: Add Test Case Expectation

Canonical link: https://commits.webkit.org/262425@main

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
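
The failure mode described in the log message, as an added example that is not WebKit's or Chromium's code: a simplified model in which a stale infinite interval end meets an already-finite simple duration and the end-of-interval position becomes NaN, next to a variant that picks the last active duration by case. All struct, field and function names and the sample timing values are hypothetical, and the guarded variant is an assumption about one way to do this, not the committed change.

```cpp
#include <cmath>
#include <cstdio>
#include <limits>

// Hypothetical, simplified timing state; names are illustrative, not WebKit's.
struct SmilState {
    double intervalBegin;      // finite
    double intervalEnd;        // +Inf if resolved while 'dur' was indefinite
    double simpleDuration;     // finite once 'dur' has been mutated
    double repeatingDuration;  // finite once 'dur' has been mutated
};

// Fractional position within the simple duration once the animation has run
// past its active duration. Trusts intervalEnd unconditionally.
double endPercentUnguarded(const SmilState& s) {
    double percent = (s.intervalEnd - s.intervalBegin) / s.simpleDuration;
    return percent - std::floor(percent);  // Inf - Inf is NaN for a stale interval
}

// Same position, but the last active duration is chosen by case: the interval
// length only when 'elapsed' really reached the interval end, otherwise the
// repeating duration. Non-finite results are never propagated.
double endPercentGuarded(const SmilState& s, double elapsed) {
    double lastActive = elapsed >= s.intervalEnd
        ? s.intervalEnd - s.intervalBegin
        : s.repeatingDuration;
    if (!std::isfinite(lastActive) || !(s.simpleDuration > 0))
        return 0.0;
    double percent = lastActive / s.simpleDuration;
    return percent - std::floor(percent);
}

// Constructed sample: interval resolved with an indefinite 'dur', then 'dur'
// changed to 2s with a 2.5s repeating duration; intervalEnd is still +Inf.
SmilState staleState() {
    return {0.0, std::numeric_limits<double>::infinity(), 2.0, 2.5};
}

// Constructed sample: the same timing after every field has been recomputed.
SmilState consistentState() { return {0.0, 2.5, 2.0, 2.5}; }

int main() {
    const double elapsed = 3.0;  // past the 2.5s repeating duration
    std::printf("stale, unguarded:    %f\n", endPercentUnguarded(staleState()));
    std::printf("stale, guarded:      %f\n", endPercentGuarded(staleState(), elapsed));
    std::printf("consistent, guarded: %f\n", endPercentGuarded(consistentState(), elapsed));
    return 0;
}
```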