SVGAnimateElementBase::calculateAnimatedValue() asserts when reinserting an SVG anima...
authorcommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 22 Apr 2015 00:13:54 +0000 (00:13 +0000)
committercommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 22 Apr 2015 00:13:54 +0000 (00:13 +0000)
commit41f3cf3558e137622cb203f74831e84571b3a5df
treea3d1ecbf9969ad07d8c8f623e9ce429616da6a5f
parent88ee28c8ebf03769adf76b3c5f7d1b205beb0353
SVGAnimateElementBase::calculateAnimatedValue() asserts when reinserting an SVG animating element within the same animation limits
https://bugs.webkit.org/show_bug.cgi?id=143994

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2015-04-21
Reviewed by Simon Fraser.

Source/WebCore:

Make sure the SVG animation variables are reset cleanly such that if the
animation restarts it can rebuild its limit values reliably and correctly.

Tests: svg/animations/crash-reinsert-animate-length-same-limits.svg
       svg/animations/crash-reinsert-animate-transform-same-limits.svg

* svg/SVGAnimateElementBase.h:
* svg/SVGAnimateElementBase.cpp:
(WebCore::SVGAnimateElementBase::resetAnimatedPropertyType):
Call the base class resetAnimatedPropertyType() from the derived class.

* svg/SVGAnimationElement.h:
* svg/SVGAnimationElement.cpp:
(WebCore::SVGAnimationElement::resetAnimatedPropertyType):
Make resetAnimatedPropertyType() virtual. The implementation of the base
class of this function resets the values of the animation limits. When
updateAnimation() is called, it will be forced to recalculate the animation
limits by calling calculateFromAndToValues() even if the limits have not
changed.

LayoutTests:

* svg/animations/crash-reinsert-animate-length-same-limits-expected.txt: Added.
* svg/animations/crash-reinsert-animate-length-same-limits.svg: Added.
* svg/animations/crash-reinsert-animate-transform-same-limits-expected.txt: Added.
* svg/animations/crash-reinsert-animate-transform-same-limits.svg: Added.
Make sure when removing an SVG animating element and reinserting it back
within the same animation length or transform limits, we do not crash.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@183085 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/svg/animations/crash-reinsert-animate-length-same-limits-expected.txt [new file with mode: 0644]
LayoutTests/svg/animations/crash-reinsert-animate-length-same-limits.svg [new file with mode: 0644]
LayoutTests/svg/animations/crash-reinsert-animate-transform-same-limits-expected.txt [new file with mode: 0644]
LayoutTests/svg/animations/crash-reinsert-animate-transform-same-limits.svg [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/svg/SVGAnimateElementBase.cpp
Source/WebCore/svg/SVGAnimateElementBase.h
Source/WebCore/svg/SVGAnimationElement.cpp
Source/WebCore/svg/SVGAnimationElement.h