Title: [258260] trunk
- Revision
- 258260
- Author
- commit-qu...@webkit.org
- Date
- 2020-03-11 07:40:27 -0700 (Wed, 11 Mar 2020)
Log Message
Crash in KeyframeEffect::getAnimatedStyle
https://bugs.webkit.org/show_bug.cgi?id=208318
<rdar://problem/59848234>
Patch by Jack Lee <shihchieh_...@apple.com> on 2020-03-11
Reviewed by Antoine Quint.
Source/WebCore:
Quit getAnimatedStyle if element is rendererless.
Test: fast/animation/keyframe-rendererless-element-crash.html
* animation/KeyframeEffect.cpp:
(WebCore::KeyframeEffect::getAnimatedStyle):
LayoutTests:
Quit getAnimatedStyle if element is rendererless.
* fast/animation/keyframe-rendererless-element-crash-expected.txt: Added.
* fast/animation/keyframe-rendererless-element-crash.html: Added.
Modified Paths
Added Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (258259 => 258260)
--- trunk/LayoutTests/ChangeLog 2020-03-11 12:44:07 UTC (rev 258259)
+++ trunk/LayoutTests/ChangeLog 2020-03-11 14:40:27 UTC (rev 258260)
@@ -1,3 +1,16 @@
+2020-03-11 Jack Lee <shihchieh_...@apple.com>
+
+ Crash in KeyframeEffect::getAnimatedStyle
+ https://bugs.webkit.org/show_bug.cgi?id=208318
+ <rdar://problem/59848234>
+
+ Reviewed by Antoine Quint.
+
+ Quit getAnimatedStyle if element is rendererless.
+
+ * fast/animation/keyframe-rendererless-element-crash-expected.txt: Added.
+ * fast/animation/keyframe-rendererless-element-crash.html: Added.
+
2020-03-11 Diego Pino Garcia <dp...@igalia.com>
[WPE] Gardening, update TestExpectations
Added: trunk/LayoutTests/fast/animation/keyframe-rendererless-element-crash-expected.txt (0 => 258260)
--- trunk/LayoutTests/fast/animation/keyframe-rendererless-element-crash-expected.txt (rev 0)
+++ trunk/LayoutTests/fast/animation/keyframe-rendererless-element-crash-expected.txt 2020-03-11 14:40:27 UTC (rev 258260)
@@ -0,0 +1 @@
+Test keyframeEffect on an element that does not have a renderer. The test passes if WebKit doesn't crash or hit an assertion.
Added: trunk/LayoutTests/fast/animation/keyframe-rendererless-element-crash.html (0 => 258260)
--- trunk/LayoutTests/fast/animation/keyframe-rendererless-element-crash.html (rev 0)
+++ trunk/LayoutTests/fast/animation/keyframe-rendererless-element-crash.html 2020-03-11 14:40:27 UTC (rev 258260)
@@ -0,0 +1,14 @@
+<style id=STYLE>
+MARQUEE { -webkit-transition-duration: 1s; }
+</style>
+<script>
+ if (window.testRunner)
+ testRunner.dumpAsText();
+ _onload_ = function fun() {
+ STYLE.appendChild(Q);
+ MARQUEE.style.setProperty("-webkit-perspective-origin-y", "0px");
+ MARQUEE.style.setProperty("-webkit-transform", "rotate(0deg)");
+ document.getAnimations()[0].effect = new KeyframeEffect(Q, [ ], 1);
+}
+</script>
+<body><pre id=PRE></pre><marquee id=MARQUEE><q id="Q"></q><span>Test keyframeEffect on an element that does not have a renderer. The test passes if WebKit doesn't crash or hit an assertion.</span>
Modified: trunk/Source/WebCore/ChangeLog (258259 => 258260)
--- trunk/Source/WebCore/ChangeLog 2020-03-11 12:44:07 UTC (rev 258259)
+++ trunk/Source/WebCore/ChangeLog 2020-03-11 14:40:27 UTC (rev 258260)
@@ -1,3 +1,18 @@
+2020-03-11 Jack Lee <shihchieh_...@apple.com>
+
+ Crash in KeyframeEffect::getAnimatedStyle
+ https://bugs.webkit.org/show_bug.cgi?id=208318
+ <rdar://problem/59848234>
+
+ Reviewed by Antoine Quint.
+
+ Quit getAnimatedStyle if element is rendererless.
+
+ Test: fast/animation/keyframe-rendererless-element-crash.html
+
+ * animation/KeyframeEffect.cpp:
+ (WebCore::KeyframeEffect::getAnimatedStyle):
+
2020-03-11 Youenn Fablet <you...@apple.com>
[iOS] Unskip fast/mediastream tests
Modified: trunk/Source/WebCore/animation/KeyframeEffect.cpp (258259 => 258260)
--- trunk/Source/WebCore/animation/KeyframeEffect.cpp 2020-03-11 12:44:07 UTC (rev 258259)
+++ trunk/Source/WebCore/animation/KeyframeEffect.cpp 2020-03-11 14:40:27 UTC (rev 258260)
@@ -1158,7 +1158,7 @@
void KeyframeEffect::getAnimatedStyle(std::unique_ptr<RenderStyle>& animatedStyle)
{
- if (!m_target || !animation())
+ if (!m_target || !renderer() || !animation())
return;
auto progress = getComputedTiming().progress;
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
