Changeset 218284 in webkit


Timestamp:
Jun 14, 2017 12:36:45 PM (7 years ago)
Author:
Alan Bujtas
Message:

Crash in WebCore::RenderStyle::colorIncludingFallback.
https://bugs.webkit.org/show_bug.cgi?id=173347
<rdar://problem/32675317>

Reviewed by Chris Dumez.

Source/WebCore:

Starting an SVG image animation synchronously might trigger recursive style recalc.
We should kick off the animation on a zero timer to reduce callstack complexity.

Test: svg/as-image/svg-css-animation.html

  • loader/cache/CachedImage.cpp:

(WebCore::CachedImage::didAddClient):

  • platform/graphics/Image.cpp:

(WebCore::Image::Image):
(WebCore::Image::startAnimationAsynchronously):

  • platform/graphics/Image.h:

LayoutTests:

  • svg/animations/animated-svg-image-removed-from-document-paused.html: animations are not started synchronously anymore.
  • svg/as-image/svg-css-animation-expected.txt: Added.
  • svg/as-image/svg-css-animation.html: Added.
Location:
trunk
Files:
2 added
6 edited

  • trunk/LayoutTests/ChangeLog

    r218279 r218284  
     12017-06-14  Zalan Bujtas  <zalan@apple.com>
     2
     3        Crash in WebCore::RenderStyle::colorIncludingFallback.
     4        https://bugs.webkit.org/show_bug.cgi?id=173347
     5        <rdar://problem/32675317>
     6
     7        Reviewed by Chris Dumez.
     8
     9        * svg/animations/animated-svg-image-removed-from-document-paused.html: animations are not started synchronously anymore.
     10        * svg/as-image/svg-css-animation-expected.txt: Added.
     11        * svg/as-image/svg-css-animation.html: Added.
     12
    1132017-06-14  Matt Lewis  <jlewis3@apple.com>
    214
  • trunk/LayoutTests/svg/animations/animated-svg-image-removed-from-document-paused.html

    r214503 r218284  
    3030                evalAndLog("document.body.appendChild(imageA)");
    3131                document.body.offsetWidth; // Force layout.
    32                 shouldBeTrue("internals.isImageAnimating(imageA)");
    33                 evalAndLog("document.body.appendChild(imageB)");
    34                 document.body.offsetWidth; // Force layout.
    35                 shouldBeTrue("internals.isImageAnimating(imageB)");
     32                setTimeout(function() {
     33                    shouldBeTrue("internals.isImageAnimating(imageA)");
    3634
    37                 finishJSTest();
     35                    evalAndLog("document.body.appendChild(imageB)");
     36                    document.body.offsetWidth; // Force layout.
     37                    setTimeout(function() {
     38                        shouldBeTrue("internals.isImageAnimating(imageB)");
     39                        finishJSTest();
     40                    }, 30);
     41                }, 30);
    3842            }, 30);
    3943        }, 30);
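Review bot: the assertions on new lines 33 and 38 now depend on a fixed 30 ms setTimeout outlasting the zero-delay start timer, which is a timing assumption and not something the test checks. A one-line comment saying that animations start on a timer after appendChild would explain why the synchronous shouldBeTrue calls were removed. If the harness allows it, waiting on internals.isImageAnimating() directly instead of nesting another pair of 30 ms timeouts would make the test less sensitive to a slow bot.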
  • trunk/Source/WebCore/ChangeLog

    r218278 r218284  
     12017-06-14  Zalan Bujtas  <zalan@apple.com>
     2
     3        Crash in WebCore::RenderStyle::colorIncludingFallback.
     4        https://bugs.webkit.org/show_bug.cgi?id=173347
     5        <rdar://problem/32675317>
     6
     7        Reviewed by Chris Dumez.
     8
     9        Starting an SVG image animation synchronously might trigger recursive style recalc.
     10        We should kick off the animation on a zero timer to reduce callstack complexity.
     11
     12        Test: svg/as-image/svg-css-animation.html
     13
     14        * loader/cache/CachedImage.cpp:
     15        (WebCore::CachedImage::didAddClient):
     16        * platform/graphics/Image.cpp:
     17        (WebCore::Image::Image):
     18        (WebCore::Image::startAnimationAsynchronously):
     19        * platform/graphics/Image.h:
     20
    1212017-06-14  Brady Eidson  <beidson@apple.com>
    222
  • trunk/Source/WebCore/loader/cache/CachedImage.cpp

    r218038 r218284  
    120120
    121121    if (m_image)
    122         m_image->startAnimation();
     122        m_image->startAnimationAsynchronously();
    123123
    124124    CachedResource::didAddClient(client);
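Review bot: new line 122 gives no hint at the call site why the start is deferred. A short comment noting that a synchronous startAnimation() here can re-enter style recalc, as the ChangeLog says, would keep a later cleanup from switching it back. It is also worth stating whether any client relies on the image already animating when didAddClient() returns, since that no longer holds after this line.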
  • trunk/Source/WebCore/platform/graphics/Image.cpp

    r216702 r218284  
    4848Image::Image(ImageObserver* observer)
    4949    : m_imageObserver(observer)
     50    , m_animationStartTimer(*this, &Image::startAnimation)
    5051{
    5152}
     
    308309}
    309310
     311void Image::startAnimationAsynchronously()
     312{
     313    if (m_animationStartTimer.isActive())
     314        return;
     315    m_animationStartTimer.startOneShot(0_s);
     316}
     317
    310318void Image::dump(TextStream& ts) const
    311319{
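Review bot: in startAnimationAsynchronously() (new lines 311-316) the one-shot is scheduled but nothing in this patch cancels it. If stopAnimation() or resetAnimation() is called before the timer fires, startAnimation() still runs afterwards. Consider stopping m_animationStartTimer in those paths, or add a comment explaining why a late start is harmless.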
  • trunk/Source/WebCore/platform/graphics/Image.h

    r216702 r218284  
    3636#include "ImageTypes.h"
    3737#include "NativeImage.h"
     38#include "Timer.h"
    3839#include <wtf/Optional.h>
    3940#include <wtf/RefCounted.h>
     
    130131    // It will automatically pause once all observers no longer want to render the image anywhere.
    131132    virtual void startAnimation() { }
     133    void startAnimationAsynchronously();
    132134    virtual void stopAnimation() {}
    133135    virtual void resetAnimation() {}
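Review bot: startAnimationAsynchronously() on new line 133 is declared without a comment and is non-virtual, while its neighbours are virtual and documented by the comment above startAnimation(). Please add a line saying that it defers to startAnimation() on a zero-delay timer and coalesces repeated calls, so callers know which of the two to use.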
     
    199201    RefPtr<SharedBuffer> m_encodedImageData;
    200202    ImageObserver* m_imageObserver;
     203    Timer m_animationStartTimer;
    201204};
    202205
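Review bot: `Timer m_animationStartTimer;` on new line 203 is added to the base Image class, so every Image instance now carries a Timer whether or not it can animate, and Image.h pulls in Timer.h for all of its includers. If only some subclasses override startAnimation(), consider holding the timer there or allocating it lazily on the first call to startAnimationAsynchronously().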