Title: [199561] trunk
Revision: 199561
Author: [email protected]
Date: 2016-04-14 15:35:36 -0700 (Thu, 14 Apr 2016)

Log Message

CrashTracer: com.apple.WebKit.WebContent at com.apple.WebCore: WebCore::CachedResource::addClientToSet + 27
https://bugs.webkit.org/show_bug.cgi?id=156602
<rdar://problem/18921091>

Reviewed by Simon Fraser.

Source/WebCore:

The CSS property list-style-image is inherited, so a transition on a parent
might cause a transition on a child. On that child, the value might be between
two generated crossfade images which haven't yet resolved, causing a crash.

Test: transitions/crossfade-transition.html

* css/CSSCrossfadeValue.cpp:
(WebCore::CSSCrossfadeValue::blend): Return null if there are no cached images.
* page/animation/CSSPropertyAnimation.cpp:
(WebCore::blendFunc): If we don't have an actual image to blend between, fall
out to the default case.

LayoutTests:

Tests that an animation between two inherited crossfade elements will not crash.

* transitions/crossfade-transition-expected.txt: Added.
* transitions/crossfade-transition.html: Added.

Diff

Modified: trunk/LayoutTests/ChangeLog (199560 => 199561)


--- trunk/LayoutTests/ChangeLog	2016-04-14 22:26:06 UTC (rev 199560)
+++ trunk/LayoutTests/ChangeLog	2016-04-14 22:35:36 UTC (rev 199561)
@@ -1,3 +1,16 @@
+2016-04-14  Dean Jackson  <[email protected]>
+
+        CrashTracer: com.apple.WebKit.WebContent at com.apple.WebCore: WebCore::CachedResource::addClientToSet + 27
+        https://bugs.webkit.org/show_bug.cgi?id=156602
+        <rdar://problem/18921091>
+
+        Reviewed by Simon Fraser.
+
+        Tests that an animation between two inherited crossfade elements will not crash.
+
+        * transitions/crossfade-transition-expected.txt: Added.
+        * transitions/crossfade-transition.html: Added.
+
 2016-04-14  Joseph Pecoraro  <[email protected]>
 
         Web Inspector: Add a _javascript_ Formatting test for template strings

Added: trunk/LayoutTests/transitions/crossfade-transition-expected.txt (0 => 199561)


--- trunk/LayoutTests/transitions/crossfade-transition-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/transitions/crossfade-transition-expected.txt	2016-04-14 22:35:36 UTC (rev 199561)
@@ -0,0 +1 @@
+Test passes if there is no crash
Property changes on: trunk/LayoutTests/transitions/crossfade-transition-expected.txt
___________________________________________________________________

Added: svn:mime-type

Added: svn:keywords

Added: svn:eol-style

Added: trunk/LayoutTests/transitions/crossfade-transition.html (0 => 199561)


--- trunk/LayoutTests/transitions/crossfade-transition.html	                        (rev 0)
+++ trunk/LayoutTests/transitions/crossfade-transition.html	2016-04-14 22:35:36 UTC (rev 199561)
@@ -0,0 +1,36 @@
+<script>
+if (window.testRunner) {
+    window.testRunner.waitUntilDone();
+    window.testRunner.dumpAsText();
+}
+
+window.addEventListener("load", function () {
+    setTimeout(function () {
+        document.body.className = "foo";
+        if (window.testRunner) {
+            setTimeout(function () {
+                window.testRunner.notifyDone();
+            }, 50);
+        }
+    }, 0);
+}, false);
+</script>
+<style>
+.a > li,
+.a > li p {
+  transition: all 0.1s ease;
+}
+
+.a > li.b {
+  list-style-image: url('data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1 1"><rect width="1" height="1" fill="blue"/></svg>');
+}
+.foo .a > li.b {
+  list-style-image: url('data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1 1"><rect width="1" height="1" fill="red"/></svg>');
+}
+
+</style>
+<ul class="a">
+  <li class="b">
+    <p>Test passes if there is no crash</p>
+  </li>
+</ul>
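Review bot: The inner `setTimeout(..., 50)` that calls `notifyDone()` is a fixed delay racing a `transition: all 0.1s ease`, so whether the test ever reaches the blend path depends on an animation tick landing inside that 50 ms window. On a loaded bot the test can finish without exercising the crashing code and still print the expected text. Consider ending the test from an event tied to the animation itself (for example after a couple of `requestAnimationFrame` callbacks following the class change) so a pass means the transition on the inherited `list-style-image` actually ran.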
Property changes on: trunk/LayoutTests/transitions/crossfade-transition.html
___________________________________________________________________

Added: svn:mime-type

Added: svn:keywords

Added: svn:eol-style

Modified: trunk/Source/WebCore/ChangeLog (199560 => 199561)


--- trunk/Source/WebCore/ChangeLog	2016-04-14 22:26:06 UTC (rev 199560)
+++ trunk/Source/WebCore/ChangeLog	2016-04-14 22:35:36 UTC (rev 199561)
@@ -1,3 +1,23 @@
+2016-04-14  Dean Jackson  <[email protected]>
+
+        CrashTracer: com.apple.WebKit.WebContent at com.apple.WebCore: WebCore::CachedResource::addClientToSet + 27
+        https://bugs.webkit.org/show_bug.cgi?id=156602
+        <rdar://problem/18921091>
+
+        Reviewed by Simon Fraser.
+
+        The CSS property list-style-image is inherited, so a transition on a parent
+        might cause a transition on a child. On that child, the value might be between
+        two generated crossfade images which haven't yet resolved, causing a crash.
+
+        Test: transitions/crossfade-transition.html
+
+        * css/CSSCrossfadeValue.cpp:
+        (WebCore::CSSCrossfadeValue::blend): Return null if there are no cached images.
+        * page/animation/CSSPropertyAnimation.cpp:
+        (WebCore::blendFunc): If we don't have an actual image to blend between, fall
+        out to the default case.
+
 2016-04-14  Antonio Gomes  <[email protected]>
 
         Allow listbox content and scrollbar to intrude padding area.

Modified: trunk/Source/WebCore/css/CSSCrossfadeValue.cpp (199560 => 199561)


--- trunk/Source/WebCore/css/CSSCrossfadeValue.cpp	2016-04-14 22:26:06 UTC (rev 199560)
+++ trunk/Source/WebCore/css/CSSCrossfadeValue.cpp	2016-04-14 22:35:36 UTC (rev 199561)
@@ -194,6 +194,8 @@
 RefPtr<CSSCrossfadeValue> CSSCrossfadeValue::blend(const CSSCrossfadeValue& from, double progress) const
 {
     ASSERT(equalInputImages(from));
+    if (!m_cachedToImage || !m_cachedFromImage)
+        return nullptr;
     RefPtr<StyleCachedImage> toStyledImage = StyleCachedImage::create(m_cachedToImage.get());
     RefPtr<StyleCachedImage> fromStyledImage = StyleCachedImage::create(m_cachedFromImage.get());
 
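Review bot: The new early return `if (!m_cachedToImage || !m_cachedFromImage) return nullptr;` makes `blend()` nullable, but nothing at the function says so or explains when the cached images can be missing. A one-line comment here (the inputs may not have resolved yet when the value is reached through inheritance, as the ChangeLog describes) and a note on the declaration that callers must check the result would keep the next caller from dereferencing it unconditionally, which is what the old call site did. The check also covers only this object's cached images; if `from` can be in the same unresolved state and is read later in the function, it needs the same guard.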

Modified: trunk/Source/WebCore/page/animation/CSSPropertyAnimation.cpp (199560 => 199561)


--- trunk/Source/WebCore/page/animation/CSSPropertyAnimation.cpp	2016-04-14 22:26:06 UTC (rev 199560)
+++ trunk/Source/WebCore/page/animation/CSSPropertyAnimation.cpp	2016-04-14 22:35:36 UTC (rev 199561)
@@ -318,8 +318,10 @@
         if (is<CSSCrossfadeValue>(fromGenerated) && is<CSSCrossfadeValue>(toGenerated)) {
             CSSCrossfadeValue& fromCrossfade = downcast<CSSCrossfadeValue>(fromGenerated);
             CSSCrossfadeValue& toCrossfade = downcast<CSSCrossfadeValue>(toGenerated);
-            if (fromCrossfade.equalInputImages(toCrossfade))
-                return StyleGeneratedImage::create(*toCrossfade.blend(fromCrossfade, progress));
+            if (fromCrossfade.equalInputImages(toCrossfade)) {
+                if (auto crossfadeBlend = toCrossfade.blend(fromCrossfade, progress))
+                    return StyleGeneratedImage::create(*crossfadeBlend);
+            }
         }
 
         // FIXME: Add support for animation between two *gradient() functions.
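Review bot: When `toCrossfade.blend(fromCrossfade, progress)` returns null, control silently leaves the `if (fromCrossfade.equalInputImages(toCrossfade))` block and continues to whatever follows the FIXME, and the hunk does not show or state what that fallback returns. Please add a short comment at the `if (auto crossfadeBlend = ...)` line saying that a null blend is expected for unresolved images and which value the function then produces, so the fall-through reads as intentional rather than as a missed return. The new layout test only asserts the absence of a crash, so the fallback result itself is not covered.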