CrashTracer: com.apple.WebKit.WebContent at com.apple.WebCore: WebCore::CachedResourc...
authordino@apple.com <dino@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 14 Apr 2016 22:35:36 +0000 (22:35 +0000)
committerdino@apple.com <dino@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 14 Apr 2016 22:35:36 +0000 (22:35 +0000)
commite65fe09cfcb76e94a7139e2e19cda2a6c46a7f1e
tree7d77db37e606565aee3d158464eff535a852efcd
parent3ee0b0ea6c19fd9ed3c1c6cfcbf0ce884dd1b3ef
CrashTracer: com.apple.WebKit.WebContent at com.apple.WebCore: WebCore::CachedResource::addClientToSet + 27
https://bugs.webkit.org/show_bug.cgi?id=156602
<rdar://problem/18921091>

Reviewed by Simon Fraser.

Source/WebCore:

The CSS property list-style-image is inherited, so a transition on a parent
might cause a transition on a child. On that child, the value might be between
two generated crossfade images which haven't yet resolved, causing a crash.

Test: transitions/crossfade-transition.html

* css/CSSCrossfadeValue.cpp:
(WebCore::CSSCrossfadeValue::blend): Return null if there are no cached images.
* page/animation/CSSPropertyAnimation.cpp:
(WebCore::blendFunc): If we don't have an actual image to blend between, fall
out to the default case.

LayoutTests:

Tests that an animation between two inherited crossfade elements will not crash.

* transitions/crossfade-transition-expected.txt: Added.
* transitions/crossfade-transition.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199561 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/transitions/crossfade-transition-expected.txt [new file with mode: 0644]
LayoutTests/transitions/crossfade-transition.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/css/CSSCrossfadeValue.cpp
Source/WebCore/page/animation/CSSPropertyAnimation.cpp