Bug 282704
| Summary: | RELEASE_ASSERT(a.globalPosition() != b.globalPosition()) is failing for animations with no timeline | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Adan Lopez <ja_lopezlozoya> |
| Component: | Animations | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED FIXED | ||
| Severity: | Normal | CC: | graouts, webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Adan Lopez
This bug is due to animations being created with a null timeline never gets the global position updated, then when comparing them we hit a release assert.
Testcase:
=======
<p>This test passes if it doesn't crash.</p>
<script>
if (testRunner)
testRunner.dumpAsText();
function eventhandler() {
varx = new Animation(new KeyframeEffect(document.documentElement, null, 1), null);
varx.pause();
htmlvar.crossOrigin = "crossorigin";
}
function loading() {
document.getAnimations();
}
</script>
<body onload=loading()>
<img id="htmlvar" onerror="eventhandler()" src="x"></img>
Stack Trace
=========
frame #0: WebCore`WebCore::compareAnimationsByCompositeOrder(WebCore::WebAnimation const&, WebCore::WebAnimation const&)+0xd6b
frame #1: WebCore`void std::__1::__stable_sort<std::__1::_ClassicAlgPolicy, WebCore::Document::matchingAnimations(WTF::Function<bool (WebCore::Element&)> const&)::$_1&, WTF::RefPtr<WebCore::WebAnimation, WTF::RawPtrTraits<WebCore::WebAnimation>, WTF::DefaultRefDerefTraits<WebCore::WebAnimation>>*>(WTF::RefPtr<WebCore::WebAnimation, WTF::RawPtrTraits<WebCore::WebAnimation>, WTF::DefaultRefDerefTraits<WebCore::WebAnimation>>*, WTF::RefPtr<WebCore::WebAnimation, WTF::RawPtrTraits<WebCore::WebAnimation>, WTF::DefaultRefDerefTraits<WebCore::WebAnimation>>*, WebCore::Document::matchingAnimations(WTF::Function<bool (WebCore::Element&)> const&)::$_1&, std::__1::iterator_traits<WTF::RefPtr<WebCore::WebAnimation, WTF::RawPtrTraits<WebCore::WebAnimation>, WTF::DefaultRefDerefTraits<WebCore::WebAnimation>>*>::difference_type, std::__1::iterator_traits<WTF::RefPtr<WebCore::WebAnimation, WTF::RawPtrTraits<WebCore::WebAnimation>, WTF::DefaultRefDerefTraits<WebCore::WebAnimation>>*>::value_type*, long)+0x102
frame #2: WebCore`WebCore::Document::matchingAnimations(WTF::Function<bool (WebCore::Element&)> const&)+0x8f0
frame #3: WebCore`WebCore::Document::getAnimations()+0xcf
frame #4: WebCore`WebCore::jsDocumentPrototypeFunction_getAnimations(JSC::JSGlobalObject*, JSC::CallFrame*)+0x221
frame #5: `0x1f51e4037+
frame #6: JavaScriptCore`jsc_llint_commonCallOp__llintOpWithMetadata__llintOpWithReturn__llintOp__commonOp__fn__fn__makeReturn__fn__fn__fn__651_callHelper__dispatch+0x2
frame #7: JavaScriptCore`jsc_llint_commonCallOp__llintOpWithMetadata__llintOpWithReturn__llintOp__commonOp__fn__fn__makeReturn__fn__fn__fn__665_callHelper__dispatch+0x2
frame #8: JavaScriptCore`llint_call_javascript+0x5
frame #9: JavaScriptCore`JSC::Interpreter::executeCall(JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)+0xce8
frame #10: JavaScriptCore`JSC::call(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)+0x101
frame #11: WebCore`WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&)+0xc9f
frame #12: WebCore`WebCore::EventTarget::innerInvokeEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener, WTF::RawPtrTraits<WebCore::RegisteredEventListener>, WTF::DefaultRefDerefTraits<WebCore::RegisteredEventListener>>, 1ul, WTF::CrashOnOverflow, 2ul, WTF::FastMalloc>, WebCore::EventTarget::EventInvokePhase)+0x589
frame #13: WebCore`WebCore::EventTarget::fireEventListeners(WebCore::Event&, WebCore::EventTarget::EventInvokePhase)+0x196
frame #14: WebCore`WebCore::LocalDOMWindow::dispatchEvent(WebCore::Event&, WebCore::EventTarget*)+0x4f2
frame #15: WebCore`WebCore::LocalDOMWindow::dispatchLoadEvent()+0x5d6
frame #16: WebCore`WebCore::Document::dispatchWindowLoadEvent()+0x138
frame #17: WebCore`WebCore::Document::implicitClose()+0x86c
frame #18: WebCore`WebCore::FrameLoader::checkCallImplicitClose()+0x1ee
frame #19: WebCore`WebCore::FrameLoader::checkCompleted()+0x562
frame #20: WebCore`WebCore::FrameLoader::checkCompletenessNow()+0x2c2
frame #21: WebCore`WebCore::ThreadTimers::sharedTimerFiredInternal()+0x3db
frame #22: WebCore`WebCore::timerFired(__CFRunLoopTimer*, void*)+0x78
frame #23: CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__+0x13
frame #24: CoreFoundation`__CFRunLoopDoTimer+0x320
frame #25: CoreFoundation`__CFRunLoopDoTimers+0x11c
frame #26: CoreFoundation`__CFRunLoopRun+0x8d4
frame #27: CoreFoundation`CFRunLoopRunSpecific+0x217
frame #28: Foundation`-[NSRunLoop(NSRunLoop) runMode:beforeDate:]+0xd7
frame #29: Foundation`-[NSRunLoop(NSRunLoop) run]+0x4b
frame #30: libxpc.dylib`_xpc_objc_main+0x271
frame #31: libxpc.dylib`_xpc_main+0xda
frame #32: libxpc.dylib`xpc_main+0x37
frame #33: WebKit`WebKit::XPCServiceMain(int, char const**)+0xa9
frame #34: dyld`start+0x70c
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Adan Lopez
<rdar://problem/137178526>
Adan Lopez
Pull request: https://github.com/WebKit/WebKit/pull/36280
EWS
Committed 286294@main (5ac2cec4ba7e): <https://commits.webkit.org/286294@main>
Reviewed commits have been landed. Closing PR #36280 and removing active labels.