[webkit-changes] [WebKit/WebKit] 65cbbd: [css-transitions] crash when transition-property i...

Antoine Quint noreply at github.com
Wed Jan 11 22:31:34 PST 2023 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 65cbbd06b50bb3c8e45aabd0c47322e540baf4fd
      https://github.com/WebKit/WebKit/commit/65cbbd06b50bb3c8e45aabd0c47322e540baf4fd
  Author: Antoine Quint <graouts at apple.com>
  Date:   2023-01-11 (Wed, 11 Jan 2023)

  Changed paths:
    A LayoutTests/imported/w3c/web-platform-tests/css/css-properties-values-api/animation/custom-property-transition-mismatched-inherited-property-numbers-expected.txt
    A LayoutTests/imported/w3c/web-platform-tests/css/css-properties-values-api/animation/custom-property-transition-mismatched-inherited-property-numbers.html
    M Source/WebCore/animation/WebAnimationUtilities.cpp
    M Source/WebCore/animation/WebAnimationUtilities.h
    M Source/WebCore/css/CSSToStyleMap.cpp
    M Source/WebCore/css/ComputedStyleExtractor.cpp
    M Source/WebCore/page/ios/ContentChangeObserver.cpp
    M Source/WebCore/page/ios/ContentChangeObserver.h
    M Source/WebCore/platform/animation/Animation.cpp
    M Source/WebCore/platform/animation/Animation.h
    M Source/WebCore/platform/animation/AnimationList.cpp
    M Source/WebCore/style/Styleable.cpp

  Log Message:
  -----------
  [css-transitions] crash when transition-property is set to inherit from a parent with mismatched items in another transition property
https://bugs.webkit.org/show_bug.cgi?id=250460
rdar://104118149

Reviewed by Antti Koivisto and Dean Jackson.

We fixed a bug yesterday to correctly handle a case where transition-property is set to a
custom property and another transition property has a longer list of items: bug 250401.
However, this doesn't work and crashes when those properties are set on a parent and a
child uses "inherit" to replicate them.

The issue is that while basic information about the transition-property value is stored
in Animation::m_property, the potential custom property name as a string is stored as
Animation::m_customOrUnknownProperty. In the fix for bug 250401 we added the required
code to also replicate m_customOrUnknownProperty when filling mismatching animations.

But in the case where "inherits" is used, the m_property variable is set by the
BuilderFunctions::applyInheritTransitionProperty() method, which is fairly generic
code generated from CSSProperties.json. Instead of changing the code generator, we
consolidate all information derived from the "transition-property" value in the single
m_property instance variable and replace the TransitionProperty.id field to be
TransitionProperty.animatableProperty and thus represent either a regular or a custom
property.

This also allows us to remove TransitionMode::CustomProperty and also use the
TransitionMode::SingleProperty mode for custom properties.

Overall this yields a more elegant and less error-prone design.

* LayoutTests/imported/w3c/web-platform-tests/css/css-properties-values-api/animation/custom-property-transition-mismatched-inherited-property-numbers-expected.txt: Added.
* LayoutTests/imported/w3c/web-platform-tests/css/css-properties-values-api/animation/custom-property-transition-mismatched-inherited-property-numbers.html: Added.
* Source/WebCore/animation/WebAnimationUtilities.cpp:
(WebCore::animatablePropertyAsString):
* Source/WebCore/animation/WebAnimationUtilities.h:
* Source/WebCore/css/CSSToStyleMap.cpp:
(WebCore::CSSToStyleMap::mapAnimationProperty):
* Source/WebCore/css/ComputedStyleExtractor.cpp:
(WebCore::createTransitionPropertyValue):
* Source/WebCore/page/ios/ContentChangeObserver.cpp:
(WebCore::ContentChangeObserver::isObservedPropertyForTransition const):
(WebCore::ContentChangeObserver::didAddTransition):
* Source/WebCore/page/ios/ContentChangeObserver.h:
(WebCore::ContentChangeObserver::isObservedPropertyForTransition const): Deleted.
* Source/WebCore/platform/animation/Animation.cpp:
(WebCore::Animation::Animation):
(WebCore::Animation::animationsMatch const):
(WebCore::operator<<):
* Source/WebCore/platform/animation/Animation.h:
(WebCore::Animation::isCompositeOperationSet const):
(WebCore::Animation::isEmpty const):
(WebCore::Animation::clearCompositeOperation):
(WebCore::Animation::clearAll):
(WebCore::Animation::property const):
(WebCore::Animation::setProperty):
(WebCore::Animation::fillCompositeOperation):
(WebCore::Animation::isCustomOrUnknownPropertySet const): Deleted.
(WebCore::Animation::clearCustomOrUnknownProperty): Deleted.
(WebCore::Animation::customOrUnknownProperty const): Deleted.
(WebCore::Animation::setCustomOrUnknownProperty): Deleted.
(WebCore::Animation::fillCustomOrUnknownProperty): Deleted.
* Source/WebCore/platform/animation/AnimationList.cpp:
(WebCore::AnimationList::fillUnsetProperties):
* Source/WebCore/style/Styleable.cpp:
(WebCore::transitionMatchesProperty):
(WebCore::compileTransitionPropertiesInStyle):

Canonical link: https://commits.webkit.org/258821@main

More information about the webkit-changes mailing list