Ensure keySplines is valid in SMIL animations
<http://webkit.org/b/129547>
<rdar://problem/
15676128>
Reviewed by Darin Adler.
Merged from Blink (patch by Philip Rogers):
https://src.chromium.org/viewvc/blink?revision=156452&view=revision
http://crbug.com/276111
This patch fixes a crash in SMIL animations when keySplines are not
specified. The SMIL spec is clear on this:
http://www.w3.org/TR/2001/REC-smil-animation-
20010904/#AnimFuncCalcMode
"If there are any errors in the keyTimes specification (bad values,
too many or too few values), the animation will have no effect."
This patch simply checks that keyTimes is not empty. Previously,
splinesCount was set to be m_keySplines.size() + 1 in
SVGAnimationElement.cpp; this patch changes splinesCount to be equal
to m_keySplines.size() to make the logic easier to follow and to
match other checks in SVGAnimationElement::startedActiveInterval.
Source/WebCore:
Test: svg/animations/animate-keysplines-crash.html
* svg/SVGAnimationElement.cpp:
(WebCore::SVGAnimationElement::startedActiveInterval):
LayoutTests:
* svg/animations/animate-keysplines-crash-expected.txt: Added.
* svg/animations/animate-keysplines-crash.html: Added.
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@164933
268f45cc-cd09-0410-ab3c-
d52691b4dbfc
git://git.webkit.org / WebKit-https.git / commit