Bug 233819

Summary: CSS animation sorting may crash due to AnimationList copy upon CSS Animation removal
Product: WebKit Reporter: Antoine Quint <graouts>
Component: AnimationsAssignee: Antoine Quint <graouts>
Status: RESOLVED FIXED    
Severity: Normal CC: darin, dino, gnavamarino, graouts, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch for landing none

Antoine Quint
Reported 2021-12-03 09:24:04 PST
CSS animation sorting may crash due to AnimationList copy upon CSS Animation removal
Attachments
Patch (10.17 KB, patch)
2021-12-03 09:42 PST, Antoine Quint 		no flags
DetailsFormatted DiffDiff
Patch for landing (10.32 KB, patch)
2021-12-04 06:46 PST, Antoine Quint 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Antoine Quint
Comment 1 2021-12-03 09:42:56 PST
Created attachment 445868 [details] Patch
Antoine Quint
Comment 2 2021-12-03 09:43:02 PST
<rdar://problem/85596065>
Dean Jackson
Comment 3 2021-12-03 09:49:03 PST
Comment on attachment 445868 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=445868&action=review > Source/WebCore/ChangeLog:52 > + When the ChangeLog is much bigger than the change. > Source/WebCore/platform/animation/AnimationList.h:39 > + Ref<AnimationList> copy(CopyAnimations copyAnimations = CopyAnimations::Yes) const { return adoptRef(*new AnimationList(*this, copyAnimations)); } It seems weird that you could have copy(CopyAnimations::No) - until you realise you're talking about the members of the list. So maybe it should be called CopyAnimationMembers? Or flip it and call it Clone? I don't know. It's just a bit confusing.
Antoine Quint
Comment 4 2021-12-03 10:25:09 PST
(In reply to Dean Jackson from comment #3) > Comment on attachment 445868 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=445868&action=review > > > Source/WebCore/platform/animation/AnimationList.h:39 > > + Ref<AnimationList> copy(CopyAnimations copyAnimations = CopyAnimations::Yes) const { return adoptRef(*new AnimationList(*this, copyAnimations)); } > > It seems weird that you could have copy(CopyAnimations::No) - until you > realise you're talking about the members of the list. So maybe it should be > called CopyAnimationMembers? Or flip it and call it Clone? I don't know. > It's just a bit confusing. I'll go with enum class `CopyBehavior { Clone, Reference }`.
Darin Adler
Comment 5 2021-12-03 10:31:28 PST
Comment on attachment 445868 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=445868&action=review >>> Source/WebCore/platform/animation/AnimationList.h:39 >>> + Ref<AnimationList> copy(CopyAnimations copyAnimations = CopyAnimations::Yes) const { return adoptRef(*new AnimationList(*this, copyAnimations)); } >> >> It seems weird that you could have copy(CopyAnimations::No) - until you realise you're talking about the members of the list. So maybe it should be called CopyAnimationMembers? Or flip it and call it Clone? I don't know. It's just a bit confusing. > > I'll go with enum class `CopyBehavior { Clone, Reference }`. I think it might be better to just have two separate named functions, maybe copy and shallowCopy? We can still use just a single constructor with an argument, but that would be private.
Antoine Quint
Comment 6 2021-12-03 11:17:56 PST
(In reply to Darin Adler from comment #5) > Comment on attachment 445868 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=445868&action=review > > >>> Source/WebCore/platform/animation/AnimationList.h:39 > >>> + Ref<AnimationList> copy(CopyAnimations copyAnimations = CopyAnimations::Yes) const { return adoptRef(*new AnimationList(*this, copyAnimations)); } > >> > >> It seems weird that you could have copy(CopyAnimations::No) - until you realise you're talking about the members of the list. So maybe it should be called CopyAnimationMembers? Or flip it and call it Clone? I don't know. It's just a bit confusing. > > > > I'll go with enum class `CopyBehavior { Clone, Reference }`. > > I think it might be better to just have two separate named functions, maybe > copy and shallowCopy? We can still use just a single constructor with an > argument, but that would be private. Event better.
Antoine Quint
Comment 7 2021-12-04 06:46:20 PST
Created attachment 445969 [details] Patch for landing
EWS
Comment 8 2021-12-04 07:28:55 PST
Committed r286532 (244864@main): <https://commits.webkit.org/244864@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 445969 [details].
Antoine Quint
Comment 9 2021-12-07 00:16:29 PST
*** Bug 233672 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.