Title: [234161] trunk
- Revision: 234161
- Author: grao...@webkit.org
- Date: 2018-07-24 12:28:41 -0700 (Tue, 24 Jul 2018)
Log Message
[Web Animations] Crash accessing CSSAnimation::bindingsCurrentTime when effect has been set to null
https://bugs.webkit.org/show_bug.cgi?id=187950
<rdar://problem/42515747>

Reviewed by Dean Jackson.

Source/WebCore:

Test: webanimations/accessing-current-time-after-clearing-css-animation-effect.html

While a CSSAnimation has an effect created for it by the implementation, the developer may yet manipulate
its effect via the Web Animations API and set it to null. As such, we must not assume it's always non-null.

* animation/CSSAnimation.cpp:
(WebCore::CSSAnimation::bindingsCurrentTime const):

LayoutTests:

Add a new test where we check that the current time of a CSSAnimation can be accessed after setting its effect to null.

* webanimations/accessing-current-time-after-clearing-css-animation-effect-expected.txt: Added.
* webanimations/accessing-current-time-after-clearing-css-animation-effect.html: Added.
Diff
Modified: trunk/LayoutTests/ChangeLog (234160 => 234161)
--- trunk/LayoutTests/ChangeLog 2018-07-24 19:02:03 UTC (rev 234160)
+++ trunk/LayoutTests/ChangeLog 2018-07-24 19:28:41 UTC (rev 234161)
@@ -1,3 +1,16 @@
+2018-07-24 Antoine Quint <grao...@apple.com>
+
+ [Web Animations] Crash accessing CSSAnimation::bindingsCurrentTime when effect has been set to null
+ https://bugs.webkit.org/show_bug.cgi?id=187950
+ <rdar://problem/42515747>
+
+ Reviewed by Dean Jackson.
+
+ Add a new test where we check that the current time of a CSSAnimation can be accessed after setting its effect to null.
+
+ * webanimations/accessing-current-time-after-clearing-css-animation-effect-expected.txt: Added.
+ * webanimations/accessing-current-time-after-clearing-css-animation-effect.html: Added.
+
2018-07-24 Daniel Bates <daba...@apple.com>
Cannot view PDF's on my.gov.au: "Refused to load https://my.gov.au/attachment/viewAttachment because it
Added: trunk/LayoutTests/webanimations/accessing-current-time-after-clearing-css-animation-effect-expected.txt (0 => 234161)
--- trunk/LayoutTests/webanimations/accessing-current-time-after-clearing-css-animation-effect-expected.txt (rev 0)
+++ trunk/LayoutTests/webanimations/accessing-current-time-after-clearing-css-animation-effect-expected.txt 2018-07-24 19:28:41 UTC (rev 234161)
@@ -0,0 +1,3 @@
+
+PASS Current time is 0 after removing its effect.
+
Added: trunk/LayoutTests/webanimations/accessing-current-time-after-clearing-css-animation-effect.html (0 => 234161)
--- trunk/LayoutTests/webanimations/accessing-current-time-after-clearing-css-animation-effect.html (rev 0)
+++ trunk/LayoutTests/webanimations/accessing-current-time-after-clearing-css-animation-effect.html 2018-07-24 19:28:41 UTC (rev 234161)
@@ -0,0 +1,35 @@
+<!DOCTYPE html><!-- webkit-test-runner [ enableWebAnimationsCSSIntegration=true ] -->
+<meta charset=utf-8>
+<title>Crash accessing a CSSAnimation's current time after setting its effect to null</title>
+<style>
+ @keyframes animation {
+ from {
+ margin-left: 0px;
+ }
+ to {
+ margin-left: 100px;
+ }
+ }
+</style>
+<body>
+<script src=""
+<script src=""
+<script>
+
+'use strict';
+
+test(t => {
+ const target = document.body.appendChild(document.createElement("div"));
+ target.style.animation = "animation 1s";
+
+ const animations = target.getAnimations();
+ assert_equals(animations.length, 1, "The target element has one animation.");
+
+ const animation = animations[0];
+ animation.effect = null;
+
+ assert_equals(animation.currentTime, 0, "The animation's current time is 0 after removing its effect.");
+}, "Current time is 0 after removing its effect.");
+
+</script>
+</body>
\ No newline at end of file
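Review bot: The only assertion, `assert_equals(animation.currentTime, 0, ...)`, reads the time immediately after the animation is created, so it proves the getter no longer crashes but would pass whether or not the value is clamped once the effect is null. Consider a second case that seeks to a non-zero time (for example `animation.currentTime = 2000;`) before or after `animation.effect = null;` and asserts the value the getter is expected to return in that state. The test also never removes `target` from `document.body`; a `target.remove()` at the end keeps the div from leaking into any later subtests.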
Modified: trunk/Source/WebCore/ChangeLog (234160 => 234161)
--- trunk/Source/WebCore/ChangeLog 2018-07-24 19:02:03 UTC (rev 234160)
+++ trunk/Source/WebCore/ChangeLog 2018-07-24 19:28:41 UTC (rev 234161)
@@ -1,3 +1,19 @@
+2018-07-24 Antoine Quint <grao...@apple.com>
+
+ [Web Animations] Crash accessing CSSAnimation::bindingsCurrentTime when effect has been set to null
+ https://bugs.webkit.org/show_bug.cgi?id=187950
+ <rdar://problem/42515747>
+
+ Reviewed by Dean Jackson.
+
+ Test: webanimations/accessing-current-time-after-clearing-css-animation-effect.html
+
+ While a CSSAnimation has an effect created for it by the implementation, the developer may yet manipulate
+ its effect via the Web Animations API and set it to null. As such, we must not assume it's always non-null.
+
+ * animation/CSSAnimation.cpp:
+ (WebCore::CSSAnimation::bindingsCurrentTime const):
+
2018-07-24 Zalan Bujtas <za...@apple.com>
[LFC][IFC] BlockContainer::establishesInlineFormattingContext should only check the first inflow child.
Modified: trunk/Source/WebCore/animation/CSSAnimation.cpp (234160 => 234161)
--- trunk/Source/WebCore/animation/CSSAnimation.cpp 2018-07-24 19:02:03 UTC (rev 234160)
+++ trunk/Source/WebCore/animation/CSSAnimation.cpp 2018-07-24 19:28:41 UTC (rev 234161)
@@ -116,8 +116,10 @@
{
flushPendingStyleChanges();
auto currentTime = DeclarativeAnimation::bindingsCurrentTime();
- if (currentTime)
- return std::max(0.0, std::min(currentTime.value(), effect()->timing()->activeDuration().milliseconds()));
+ if (currentTime) {
+ if (auto* animationEffect = effect())
+ return std::max(0.0, std::min(currentTime.value(), animationEffect->timing()->activeDuration().milliseconds()));
+ }
return currentTime;
}
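Review bot: Inside the new `if (currentTime)` block, a null effect() now falls through to `return currentTime;` with no clamping at all, including the `std::max(0.0, ...)` lower bound, which does not depend on the effect. If returning a possibly negative value in the null-effect state is intended, a short comment saying so would help; otherwise keep the lower-bound clamp on that path. `animationEffect->timing()` is also still dereferenced unchecked, so it is worth confirming that timing() can never be null for an effect reachable here, since the bug being fixed is this same kind of assumption about effect().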
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes