Title: [133215] branches/safari-536.28-branch

Diff

Modified: branches/safari-536.28-branch/LayoutTests/ChangeLog (133214 => 133215)


--- branches/safari-536.28-branch/LayoutTests/ChangeLog	2012-11-01 19:41:08 UTC (rev 133214)
+++ branches/safari-536.28-branch/LayoutTests/ChangeLog	2012-11-01 20:13:20 UTC (rev 133215)
@@ -1,5 +1,24 @@
 2012-10-31  Lucas Forschler  <[email protected]>
 
+        Merge r122755
+
+    2012-07-16  Florin Malita  <[email protected]>
+
+            SVGAnimationElement::currentValuesForValuesAnimation crash
+            https://bugs.webkit.org/show_bug.cgi?id=91326
+
+            Reviewed by Simon Fraser.
+
+            SVGSMILElement::progress() assumes that seekToIntervalCorrespondingToTime() always
+            lands inside a defined interval, but one can force arbitrary time offsets using
+            setCurrentTime(). This patch adds logic for handling non-interval time offsets
+            gracefully.
+
+            * svg/animations/smil-setcurrenttime-crash-expected.txt: Added.
+            * svg/animations/smil-setcurrenttime-crash.svg: Added.
+
+2012-10-31  Lucas Forschler  <[email protected]>
+
         Merge r122278
 
     2012-07-10  Philip Rogers  <[email protected]>
@@ -10563,3 +10582,4 @@
 .
 .
 .
+.

Copied: branches/safari-536.28-branch/LayoutTests/svg/animations/smil-setcurrenttime-crash-expected.txt (from rev 122755, trunk/LayoutTests/svg/animations/smil-setcurrenttime-crash-expected.txt) (0 => 133215)


--- branches/safari-536.28-branch/LayoutTests/svg/animations/smil-setcurrenttime-crash-expected.txt	                        (rev 0)
+++ branches/safari-536.28-branch/LayoutTests/svg/animations/smil-setcurrenttime-crash-expected.txt	2012-11-01 20:13:20 UTC (rev 133215)
@@ -0,0 +1 @@
+PASS: not crashing.

Copied: branches/safari-536.28-branch/LayoutTests/svg/animations/smil-setcurrenttime-crash.svg (from rev 122755, trunk/LayoutTests/svg/animations/smil-setcurrenttime-crash.svg) (0 => 133215)


--- branches/safari-536.28-branch/LayoutTests/svg/animations/smil-setcurrenttime-crash.svg	                        (rev 0)
+++ branches/safari-536.28-branch/LayoutTests/svg/animations/smil-setcurrenttime-crash.svg	2012-11-01 20:13:20 UTC (rev 133215)
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<svg version="1.1" xmlns="http://www.w3.org/2000/svg">
+  <!-- Test for https://bugs.webkit.org/show_bug.cgi?id=91326 -->
+  <rect>
+    <animate attributeName="fill" begin="1s; 10s" dur="3s" fill="freeze" values="#000;#fff"/>
+  </rect>
+  <text>PASS: not crashing.</text>
+
+  <script>
+    if (window.testRunner)
+      testRunner.dumpAsText();
+
+    document.documentElement.setCurrentTime(5);
+  </script>
+</svg>
+
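Review bot: The test covers only one non-interval offset, `setCurrentTime(5)`, which falls in the gap between the two `begin="1s; 10s"` intervals (with `dur="3s"` the first one ends at 4s), and it passes on the static `<text>` alone. Consider also seeking to an offset before the first begin (a value below 1), and checking the rect's resulting `fill`, since `fill="freeze"` implies an observable value at t=5 that a crash-only expectation will not catch if it regresses.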

Modified: branches/safari-536.28-branch/Source/WebCore/ChangeLog (133214 => 133215)


--- branches/safari-536.28-branch/Source/WebCore/ChangeLog	2012-11-01 19:41:08 UTC (rev 133214)
+++ branches/safari-536.28-branch/Source/WebCore/ChangeLog	2012-11-01 20:13:20 UTC (rev 133215)
@@ -1,5 +1,26 @@
 2012-10-31  Lucas Forschler  <[email protected]>
 
+        Merge r122755
+
+    2012-07-16  Florin Malita  <[email protected]>
+
+            SVGAnimationElement::currentValuesForValuesAnimation crash
+            https://bugs.webkit.org/show_bug.cgi?id=91326
+
+            Reviewed by Simon Fraser.
+
+            SVGSMILElement::progress() assumes that seekToIntervalCorrespondingToTime() always
+            lands inside a defined interval, but one can force arbitrary time offsets using
+            setCurrentTime(). This patch adds logic for handling non-interval time offsets
+            gracefully.
+
+            Test: svg/animations/smil-setcurrenttime-crash.svg
+
+            * svg/animation/SVGSMILElement.cpp:
+            (WebCore::SVGSMILElement::progress):
+
+2012-10-31  Lucas Forschler  <[email protected]>
+
         Merge r122278
 
     2012-07-10  Philip Rogers  <[email protected]>
@@ -205751,3 +205772,4 @@
 .
 .
 .
+.

Modified: branches/safari-536.28-branch/Source/WebCore/svg/animation/SVGSMILElement.cpp (133214 => 133215)


--- branches/safari-536.28-branch/Source/WebCore/svg/animation/SVGSMILElement.cpp	2012-11-01 19:41:08 UTC (rev 133214)
+++ branches/safari-536.28-branch/Source/WebCore/svg/animation/SVGSMILElement.cpp	2012-11-01 20:13:20 UTC (rev 133215)
@@ -1040,7 +1040,11 @@
     // This call may obtain a new interval -- never call calculateAnimationPercentAndRepeat() before!
     if (seekToTime) {
         seekToIntervalCorrespondingToTime(elapsed);
-        ASSERT(elapsed >= m_intervalBegin);
+        if (elapsed < m_intervalBegin) {
+            // elapsed is not within an interval.
+            m_nextProgressTime = m_intervalBegin;
+            return;
+        }
     }
 
     unsigned repeat = 0;
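Review bot: In the new `if (elapsed < m_intervalBegin)` branch, the early `return` skips everything from `unsigned repeat = 0;` onward, so please confirm that nothing updated later in progress() is left stale when a seek lands outside an interval; the only state touched on this path is `m_nextProgressTime`. The comment "elapsed is not within an interval" would be more useful if it said how that can happen (setCurrentTime() forcing an arbitrary offset, as the ChangeLog entry explains), because the removed ASSERT documented the opposite assumption. The guard also checks only the lower bound: if `m_intervalBegin` can be unresolved after seekToIntervalCorrespondingToTime(), it is worth stating what value `m_nextProgressTime` is expected to take in that case.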
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo/webkit-changes
