Crash when using 'em' units to specify font-size inside animation keyframe.
author: akling@apple.com <akling@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 30 Jul 2014 03:51:31 +0000 (03:51 +0000)
committer: akling@apple.com <akling@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 30 Jul 2014 03:51:31 +0000 (03:51 +0000)
<https://webkit.org/b/135395>
<rdar://problem/17851910>

Source/WebCore:
We'd forgotten to initialize the "parent style" when resolving keyframe
styles, and this led to a crash in length conversion where the code
assumes a parent style will be present.

To keep this fix minimal, simply make the "parent style" a clone of the
base element style.

Reviewed by Simon Fraser.

Test: fast/animation/keyframe-with-font-size-in-em-units.html

* css/StyleResolver.cpp:
(WebCore::StyleResolver::styleForKeyframe):

LayoutTests:
Add a reduced test case to cover this bug.

Reviewed by Simon Fraser.

* fast/animation/keyframe-with-font-size-in-em-units-expected.txt: Added.
* fast/animation/keyframe-with-font-size-in-em-units.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171785 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/fast/animation/keyframe-with-font-size-in-em-units-expected.txt [new file with mode: 0644]
LayoutTests/fast/animation/keyframe-with-font-size-in-em-units.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/css/StyleResolver.cpp

index 9eb86f8..20711d3 100644 (file)
@@ -1,3 +1,16 @@
+2014-07-29  Andreas Kling  <akling@apple.com>
+
+        Crash when using 'em' units to specify font-size inside animation keyframe.
+        <https://webkit.org/b/135395>
+        <rdar://problem/17851910>
+
+        Add a reduced test case to cover this bug.
+
+        Reviewed by Simon Fraser.
+
+        * fast/animation/keyframe-with-font-size-in-em-units-expected.txt: Added.
+        * fast/animation/keyframe-with-font-size-in-em-units.html: Added.
+
 2014-07-29  Alexey Proskuryakov  <ap@apple.com>
 
         fast/borders/border-radius-on-subpixel-position-non-hidpi.html fails on Retina machines
diff --git a/LayoutTests/fast/animation/keyframe-with-font-size-in-em-units-expected.txt b/LayoutTests/fast/animation/keyframe-with-font-size-in-em-units-expected.txt
new file mode 100644 (file)
index 0000000..7e248af
--- /dev/null
@@ -0,0 +1 @@
+PASS (no crash)
diff --git a/LayoutTests/fast/animation/keyframe-with-font-size-in-em-units.html b/LayoutTests/fast/animation/keyframe-with-font-size-in-em-units.html
new file mode 100644 (file)
index 0000000..60ee538
--- /dev/null
@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<html>
+<head>
+<style>
+@-webkit-keyframes foo {
+    from {
+        font-size: 2em;
+    }
+}
+#foo {
+    -webkit-animation: foo 1s linear 0.0s infinite;
+}
+</style>
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText();
+</script>
+</head>
+<body>
+<div id="foo"></div>
+<span>PASS (no crash)</span>
+</body>
+</html>
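Review bot: the script block only calls testRunner.dumpAsText() and never waits for the animation, so this test catches the crash only if the `from` keyframe style happens to be resolved before the text dump at load. Consider calling testRunner.waitUntilDone() and then notifyDone() from a webkitAnimationStart listener on #foo, so the keyframe is guaranteed to have been resolved before the test finishes. Since the ChangeLog places the bad assumption in length conversion rather than in font-size handling specifically, a second keyframe that uses em on another length property would widen the coverage cheaply.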
index 1e39811..485a15c 100644 (file)
@@ -1,3 +1,23 @@
+2014-07-29  Andreas Kling  <akling@apple.com>
+
+        Crash when using 'em' units to specify font-size inside animation keyframe.
+        <https://webkit.org/b/135395>
+        <rdar://problem/17851910>
+
+        We'd forgotten to initialize the "parent style" when resolving keyframe
+        styles, and this led to a crash in length conversion where the code
+        assumes a parent style will be present.
+
+        To keep this fix minimal, simply make the "parent style" a clone of the
+        base element style.
+
+        Reviewed by Simon Fraser.
+
+        Test: fast/animation/keyframe-with-font-size-in-em-units.html
+
+        * css/StyleResolver.cpp:
+        (WebCore::StyleResolver::styleForKeyframe):
+
 2014-07-29  Pratik Solanki  <psolanki@apple.com>
 
         [iOS] REGRESSION(r171526): PDF documents fail to load in WebKit1 with disk image caching enabled
index 982130d..5b43704 100644 (file)
@@ -825,6 +825,7 @@ PassRef<RenderStyle> StyleResolver::styleForKeyframe(const RenderStyle* elementS
 
     // Create the style
     state.setStyle(RenderStyle::clone(elementStyle));
+    state.setParentStyle(RenderStyle::clone(elementStyle));
     state.setLineHeightValue(0);
 
     TextDirection direction;
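Review bot: on the added state.setParentStyle(RenderStyle::clone(elementStyle)) line, the parent style is a copy of the element's own style rather than the style of its real parent, so an em font-size in a keyframe (the `font-size: 2em` in the new test) would be resolved against the element's own font size instead of the parent's. That removes the missing-parent-style crash, but the computed value can be wrong whenever the element and its parent have different font sizes; please add a FIXME here and file a follow-up to pass the actual parent style into styleForKeyframe. Because the ChangeLog says the length conversion code assumes a parent style is present, an ASSERT on that assumption at the conversion site would also make any other path that forgets setParentStyle fail in an immediately diagnosable way in debug builds.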