Crash in WebCore::RenderStyle::colorIncludingFallback.
authorzalan@apple.com <zalan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 14 Jun 2017 19:36:45 +0000 (19:36 +0000)
committerzalan@apple.com <zalan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 14 Jun 2017 19:36:45 +0000 (19:36 +0000)
commit68285e3bd90b909978275498c1be976f072a8238
tree0196fc310c0583a02977159de8c0fa5a9be04e35
parent1ced70de451229f08b848b2188eee4c41616f629
Crash in WebCore::RenderStyle::colorIncludingFallback.
https://bugs.webkit.org/show_bug.cgi?id=173347
<rdar://problem/32675317>

Reviewed by Chris Dumez.

Source/WebCore:

Starting an SVG image animation synchronously might trigger recursive style recalc.
We should kick off the animation on a zero timer to reduce callstack complexity.

Test: svg/as-image/svg-css-animation.html

* loader/cache/CachedImage.cpp:
(WebCore::CachedImage::didAddClient):
* platform/graphics/Image.cpp:
(WebCore::Image::Image):
(WebCore::Image::startAnimationAsynchronously):
* platform/graphics/Image.h:

LayoutTests:

* svg/animations/animated-svg-image-removed-from-document-paused.html: animations are not started synchronously anymore.
* svg/as-image/svg-css-animation-expected.txt: Added.
* svg/as-image/svg-css-animation.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@218284 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/svg/animations/animated-svg-image-removed-from-document-paused.html
LayoutTests/svg/as-image/svg-css-animation-expected.txt [new file with mode: 0644]
LayoutTests/svg/as-image/svg-css-animation.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/loader/cache/CachedImage.cpp
Source/WebCore/platform/graphics/Image.cpp
Source/WebCore/platform/graphics/Image.h