[webkit-changes] [WebKit/WebKit] 41db05: Make SMIL interval position calculations more resi...

Ahmad Saleem noreply at github.com
Fri Mar 31 11:03:30 PDT 2023 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 41db051039b0b4670106dc3937a4c8598c39ea48
      https://github.com/WebKit/WebKit/commit/41db051039b0b4670106dc3937a4c8598c39ea48
  Author: Ahmad Saleem <ahmad.saleem792+github at gmail.com>
  Date:   2023-03-31 (Fri, 31 Mar 2023)

  Changed paths:
    A LayoutTests/svg/animations/simple-duration-mutation-crash-expected.txt
    A LayoutTests/svg/animations/simple-duration-mutation-crash.html
    M Source/WebCore/svg/animation/SVGSMILElement.cpp

  Log Message:
  -----------
  Make SMIL interval position calculations more resilient

https://bugs.webkit.org/show_bug.cgi?id=254702

Reviewed by Simon Fraser.

Merge - https://chromium.googlesource.com/chromium/src.git/+/c9db58439d9c5218b26640fa65780d6dd505734c

When 'dur' is mutated, all dependent state is not updated at once, but
rather lazily. This means that we can get into an inconsistent state
where some timing parameters have been applied while some have not, and
code that uses - and thus realizes - the state changes will be first to
observe them. This can for instance lead to an interval position of NaN
being computed, which would wreak havoc when computing values.

For the specific case, we'd first get an 'indefinite' simple duration
and compute an interval thereafter. When 'dur' is then modified to a
finite value the simple duration will not be updated until the next
frame is computed (triggered by mutation of 'end'), leaving us with
a valid/finite simple duration but an infinite interval. (This then
results in arithmetic with Inf, yielding a NaN value for |percent|.)

Properly updating all the interval computation state on mutations is a
somewhat involved task, so paper over it for now by computing the (last)
active duration differently depending on the case we're in. While this
change is a bit of a workaround, it should be a perfectly reasonable
change on its own.

* Source/WebCore/svg/animations/SVGSMILElement.cpp:
(SVGSMILElement:: calculateAnimationPercentAndRepeat): Update 'percent'
* LayoutTests/svg/animations/simple-duration-mutation-crash.html: Add Test Case
* LayoutTests/svg/animations/simple-duration-mutation-crash-expected.txt: Add Test Case Expectation

Canonical link: https://commits.webkit.org/262425@main

More information about the webkit-changes mailing list