Bug 60062 (CVE-2011-2336)

Summary: Interrupted transitions are not correctly removed
Product: WebKit Reporter: Dean Jackson <dino>
Component: CSSAssignee: Dean Jackson <dino>
Status: RESOLVED FIXED    
Severity: Normal CC: cevans, cmarrin, simon.fraser
Priority: P2 Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: All   
OS: OS X 10.5   
Attachments:
Description Flags
Sample test
none
Patch simon.fraser: review+

Description Dean Jackson 2011-05-03 14:07:06 PDT 
When a CompositeAnimation creates a new transition for a property, it removes an existing transition if one exists. At the moment it simply deletes it from its list, but since it could potentially be in the list of animations waiting for start time, it isn't being cleared. 

<rdar://problem/9326422>
Comment 1 Dean Jackson 2011-05-03 14:56:28 PDT 
Created attachment 92139 [details]
Sample test

Incomplete test
Comment 2 Dean Jackson 2011-05-03 16:15:34 PDT 
Created attachment 92156 [details]
Patch
Comment 3 Dean Jackson 2011-05-03 17:32:23 PDT 
http://trac.webkit.org/changeset/85693