Bug 66118

Summary:	HANDLE_ANIMATION_INHERIT_AND_INITIAL macro fails to actually iterate.
Product:	WebKit	Reporter:	Luke Macpherson <macpherson>
Component:	CSS	Assignee:	Dean Jackson <dino>
Status:	RESOLVED CONFIGURATION CHANGED
Severity:	Normal	CC:	bfulgham, cmarrin, darin, dino, macpherson, mitz, simon.fraser, webkit-bug-importer
Priority:	P2	Keywords:	InRadar
Version:	528+ (Nightly build)
Hardware:	Unspecified
OS:	Unspecified
Bug Depends on:	66126
Bug Blocks:

Luke Macpherson

Reported 2011-08-11 17:18:15 PDT

Noticed this during refactoring: CSSStyleSelector.cpp:183 list->animation(0)->set##Prop(Animation::initialAnimation##Prop()); \ CSSStyleSelector.cpp:184 for (size_t i = 1; i < list->size(); ++i) \ CSSStyleSelector.cpp:185 list->animation(0)->clear##Prop(); \ As you can see, i is not used in the body of the loop, and instead the 0th element is set repeatedly, which also negates the effect of line 183. Looks like this code has been in since 36634, and I don't know what user-visible bugs this causes, if any.

Attachments
Add attachment proposed patch, testcase, etc.

Luke Macpherson

Comment 1 2011-08-11 17:20:24 PDT

This bug also appears in the HANDLE_TRANSITION_INHERIT_AND_INITIAL macro.

Darin Adler

Comment 2 2011-08-16 17:38:26 PDT

Bad news. Somebody should figure out what the symptom is and make a test so we can fix it!

Dean Jackson

Comment 3 2011-08-17 03:00:53 PDT

I'll take a look.

Luke Macpherson

Comment 4 2011-08-17 16:20:46 PDT

FYI: https://bugs.webkit.org/show_bug.cgi?id=66126 would fix this en passant, but doesn't add tests etc. It may be better to fix/test/close this bug before that goes in, but that's up to reviewers I suppose.

Dean Jackson

Comment 5 2011-08-17 16:57:50 PDT

I agree. We should fix this separately.

Radar WebKit Bug Importer

Comment 6 2011-08-17 17:44:31 PDT

<rdar://problem/9973753>

Dean Jackson

Comment 7 2011-08-17 18:14:41 PDT

The reason we've never noticed this is that it would mean setting an animation property value to 'initial'. I doubt many people have ever done this. Not only that, since the properties are not inherited you always have the initial value. I'm trying to work out how to write test that hits this code (in which case, why do we even have it?)

Dean Jackson

Comment 8 2011-08-24 18:58:00 PDT

I don't want to hold up this much longer, especially since the linked bug would fix it, but I'm wondering if the fact we never saw this cause breakage is that it is hidden by another bug. This code would only be triggered in the case where an animation property is given the value 'initial'. Animation properties don't inherit, so it isn't a big deal. But I notice this macro does something weird as it is creating the list of animations: for (CSSValueListIterator i = value; i.hasMore(); i.advance()) { \ if (childIndex <= list->size()) \ list->append(Animation::create()); \ mapAnimation##Prop(list->animation(childIndex), i.value()); \ ++childIndex; \ childIndex is 0 when this loop begins. Notice that we append to the list, but then set the value of the first element. We never touch the element we appended. Unless anyone objects, I'm going to close this as WONTFIX and we'll investigate in https://bugs.webkit.org/show_bug.cgi?id=66126 if the above code is buggy, or is doing unnecessary work.

Brent Fulgham

Comment 9 2022-02-12 18:09:02 PST

Fixed in http://trac.webkit.org/changeset/93848

Note You need to log in before you can comment on or make changes to this bug.