Changeset 199561 in webkit


Timestamp: Apr 14, 2016 3:35:36 PM (8 years ago)
Author: dino@apple.com
Message:

CrashTracer: com.apple.WebKit.WebContent at com.apple.WebCore: WebCore::CachedResource::addClientToSet + 27
https://bugs.webkit.org/show_bug.cgi?id=156602
<rdar://problem/18921091>

Reviewed by Simon Fraser.

Source/WebCore:

The CSS property list-style-image is inherited, so a transition on a parent
might cause a transition on a child. On that child, the value might be between
two generated crossfade images which haven't yet resolved, causing a crash.

Test: transitions/crossfade-transition.html

  • css/CSSCrossfadeValue.cpp:

(WebCore::CSSCrossfadeValue::blend): Return null if there are no cached images.

  • page/animation/CSSPropertyAnimation.cpp:

(WebCore::blendFunc): If we don't have an actual image to blend between, fall
out to the default case.

LayoutTests:

Tests that an animation between two inherited crossfade elements will not crash.

  • transitions/crossfade-transition-expected.txt: Added.
  • transitions/crossfade-transition.html: Added.
Location: trunk
Files: 2 added, 4 edited

  • trunk/LayoutTests/ChangeLog

    r199556 r199561  
     12016-04-14  Dean Jackson  <dino@apple.com>
     2
     3        CrashTracer: com.apple.WebKit.WebContent at com.apple.WebCore: WebCore::CachedResource::addClientToSet + 27
     4        https://bugs.webkit.org/show_bug.cgi?id=156602
     5        <rdar://problem/18921091>
     6
     7        Reviewed by Simon Fraser.
     8
     9        Tests that an animation between two inherited crossfade elements will not crash.
     10
     11        * transitions/crossfade-transition-expected.txt: Added.
     12        * transitions/crossfade-transition.html: Added.
     13
    1142016-04-14  Joseph Pecoraro  <pecoraro@apple.com>
    215
  • trunk/Source/WebCore/ChangeLog

    r199553 r199561  
     12016-04-14  Dean Jackson  <dino@apple.com>
     2
     3        CrashTracer: com.apple.WebKit.WebContent at com.apple.WebCore: WebCore::CachedResource::addClientToSet + 27
     4        https://bugs.webkit.org/show_bug.cgi?id=156602
     5        <rdar://problem/18921091>
     6
     7        Reviewed by Simon Fraser.
     8
     9        The CSS property list-style-image is inherited, so a transition on a parent
     10        might cause a transition on a child. On that child, the value might be between
     11        two generated crossfade images which haven't yet resolved, causing a crash.
     12
     13        Test: transitions/crossfade-transition.html
     14
     15        * css/CSSCrossfadeValue.cpp:
     16        (WebCore::CSSCrossfadeValue::blend): Return null if there are no cached images.
     17        * page/animation/CSSPropertyAnimation.cpp:
     18        (WebCore::blendFunc): If we don't have an actual image to blend between, fall
     19        out to the default case.
     20
    1212016-04-14  Antonio Gomes  <tonikitoo@webkit.org>
    222
  • trunk/Source/WebCore/css/CSSCrossfadeValue.cpp

    r194496 r199561  
    195195{
    196196    ASSERT(equalInputImages(from));
     197    if (!m_cachedToImage || !m_cachedFromImage)
     198        return nullptr;
    197199    RefPtr<StyleCachedImage> toStyledImage = StyleCachedImage::create(m_cachedToImage.get());
    198200    RefPtr<StyleCachedImage> fromStyledImage = StyleCachedImage::create(m_cachedFromImage.get());
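
Review bot: The early return added at new lines 197-198 makes `blend()` return `nullptr` for the first time, so every caller now has to handle a null result, and the call site this changeset edits in CSSPropertyAnimation.cpp used to dereference it directly. Suggest a one-line comment above the check saying when the cached images can be missing (per the ChangeLog, an inherited value between two crossfade images that have not resolved yet), and confirming that no other caller of `blend()` still dereferences the return value unconditionally. The guard covers only this object's `m_cachedToImage` and `m_cachedFromImage`; it is worth confirming that nothing later in the function reads the corresponding members of `from` without the same check.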
  • trunk/Source/WebCore/page/animation/CSSPropertyAnimation.cpp

    r197591 r199561  
    319319            CSSCrossfadeValue& fromCrossfade = downcast<CSSCrossfadeValue>(fromGenerated);
    320320            CSSCrossfadeValue& toCrossfade = downcast<CSSCrossfadeValue>(toGenerated);
    321             if (fromCrossfade.equalInputImages(toCrossfade))
    322                 return StyleGeneratedImage::create(*toCrossfade.blend(fromCrossfade, progress));
     321            if (fromCrossfade.equalInputImages(toCrossfade)) {
     322                if (auto crossfadeBlend = toCrossfade.blend(fromCrossfade, progress))
     323                    return StyleGeneratedImage::create(*crossfadeBlend);
     324            }
    323325        }
    324326
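
Review bot: When `blend()` returns null at new line 322, control leaves the outer `if` at new line 324 without returning and depends on code below this hunk to produce a value, and nothing in the code says that this is intended. Suggest a short comment after the inner `if` stating that an unresolved crossfade deliberately falls through to the default handling, so a later cleanup does not collapse the block back into `return StyleGeneratedImage::create(*toCrossfade.blend(fromCrossfade, progress));`. The ChangeLog describes the new test as checking only that the animation does not crash; an assertion on the value used during the fallback would also pin down the behaviour this branch now relies on.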