Bug 60062 (CVE-2011-2336)

Summary: Interrupted transitions are not correctly removed
Product: WebKit Reporter: Dean Jackson <dino>
Component: CSSAssignee: Dean Jackson <dino>
Status: RESOLVED FIXED    
Severity: Normal CC: cevans, cmarrin, simon.fraser
Priority: P2 Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: All   
OS: OS X 10.5   
Attachments:
Description Flags
Sample test
none
Patch simon.fraser: review+

Dean Jackson
Reported 2011-05-03 14:07:06 PDT
When a CompositeAnimation creates a new transition for a property, it removes an existing transition if one exists. At the moment it simply deletes it from its list, but since it could potentially be in the list of animations waiting for start time, it isn't being cleared. <rdar://problem/9326422>
Attachments
Sample test (1.36 KB, text/html)
2011-05-03 14:56 PDT, Dean Jackson 		no flags
Details
Patch (4.26 KB, patch)
2011-05-03 16:15 PDT, Dean Jackson 		simon.fraser: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Dean Jackson
Comment 1 2011-05-03 14:56:28 PDT
Created attachment 92139 [details] Sample test Incomplete test
Dean Jackson
Comment 2 2011-05-03 16:15:34 PDT
Created attachment 92156 [details] Patch
Dean Jackson
Comment 3 2011-05-03 17:32:23 PDT
http://trac.webkit.org/changeset/85693
Note You need to log in before you can comment on or make changes to this bug.