<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[170862] trunk/Source</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/170862">170862</a></dd>
<dt>Author</dt> <dd>simon.fraser@apple.com</dd>
<dt>Date</dt> <dd>2014-07-07 16:44:49 -0700 (Mon, 07 Jul 2014)</dd>
</dl>

<h3>Log Message</h3>
<pre>[UI-side compositing] Crash when starting a filter transition on a reflected layer
https://bugs.webkit.org/show_bug.cgi?id=134694

Reviewed by Tim Horton.

Source/WebCore:

Don't call the owner if we failed to find the animation key (which actually
isn't used by PlatformCALayerMac anyway).

* platform/graphics/ca/mac/PlatformCALayerMac.mm:
(-[WebAnimationDelegate animationDidStart:]):

Source/WebKit2:

When cloned layers had animations, we would fire two animationDidStart callbacks,
but the second would pass an empty animationKey string to the web process, resulting
in a crash.

Fix by not blindly copying all layer properties when cloning PlatformCALayerRemotes,
since the clone would include addedAnimations, and then get the same animations
added on top by the caller.

Also protect against an empty animation key in the animationDidStart callback.

* UIProcess/mac/RemoteLayerTreeHost.mm:
(WebKit::RemoteLayerTreeHost::animationDidStart):
* WebProcess/WebPage/mac/PlatformCALayerRemote.cpp:
(WebKit::PlatformCALayerRemote::PlatformCALayerRemote):
(WebKit::PlatformCALayerRemote::clone): Don't copy all the properties; copy
them manually as PlatformCALayerMac does. Only copy the big things if they don't
have their default values.
(WebKit::PlatformCALayerRemote::copyFiltersFrom): Need an implementation of this
for clone() to call.</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkSourceWebCoreChangeLog">trunk/Source/WebCore/ChangeLog</a></li>
<li><a href="#trunkSourceWebCoreplatformgraphicscamacPlatformCALayerMacmm">trunk/Source/WebCore/platform/graphics/ca/mac/PlatformCALayerMac.mm</a></li>
<li><a href="#trunkSourceWebKit2ChangeLog">trunk/Source/WebKit2/ChangeLog</a></li>
<li><a href="#trunkSourceWebKit2UIProcessmacRemoteLayerTreeHostmm">trunk/Source/WebKit2/UIProcess/mac/RemoteLayerTreeHost.mm</a></li>
<li><a href="#trunkSourceWebKit2WebProcessWebPagemacPlatformCALayerRemotecpp">trunk/Source/WebKit2/WebProcess/WebPage/mac/PlatformCALayerRemote.cpp</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkSourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/ChangeLog (170861 => 170862)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/ChangeLog        2014-07-07 23:44:42 UTC (rev 170861)
+++ trunk/Source/WebCore/ChangeLog        2014-07-07 23:44:49 UTC (rev 170862)
</span><span class="lines">@@ -1,3 +1,16 @@
</span><ins>+2014-07-07  Simon Fraser  &lt;simon.fraser@apple.com&gt;
+
+        [UI-side compositing] Crash when starting a filter transition on a reflected layer
+        https://bugs.webkit.org/show_bug.cgi?id=134694
+
+        Reviewed by Tim Horton.
+
+        Don't call the owner if we failed to find the animation key (which actually
+        isn't used by PlatformCALayerMac anyway).
+
+        * platform/graphics/ca/mac/PlatformCALayerMac.mm:
+        (-[WebAnimationDelegate animationDidStart:]):
+
</ins><span class="cx"> 2014-07-07  Alex Christensen  &lt;achristensen@webkit.org&gt;
</span><span class="cx"> 
</span><span class="cx">         [iOS WebGL] Fix crash with too many nested glsl functions.
</span></span></pre></div>
<a id="trunkSourceWebCoreplatformgraphicscamacPlatformCALayerMacmm"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/platform/graphics/ca/mac/PlatformCALayerMac.mm (170861 => 170862)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/platform/graphics/ca/mac/PlatformCALayerMac.mm        2014-07-07 23:44:42 UTC (rev 170861)
+++ trunk/Source/WebCore/platform/graphics/ca/mac/PlatformCALayerMac.mm        2014-07-07 23:44:49 UTC (rev 170862)
</span><span class="lines">@@ -132,7 +132,8 @@
</span><span class="cx">             }
</span><span class="cx">         }
</span><span class="cx"> 
</span><del>-        m_owner-&gt;animationStarted(animationKey, startTime);
</del><ins>+        if (!animationKey.isEmpty())
+            m_owner-&gt;animationStarted(animationKey, startTime);
</ins><span class="cx">     }
</span><span class="cx"> }
</span><span class="cx"> 
</span></span></pre></div>
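Review bot: The new if (!animationKey.isEmpty()) guard skips m_owner-&gt;animationStarted() without saying when the key lookup above it can come back empty. A one-line comment at the guard (the log message mentions a failed key lookup) would keep a later cleanup from removing it, and a debug-only log in the empty case would make the unexpected callback visible instead of silently dropped.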
<a id="trunkSourceWebKit2ChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/ChangeLog (170861 => 170862)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/ChangeLog        2014-07-07 23:44:42 UTC (rev 170861)
+++ trunk/Source/WebKit2/ChangeLog        2014-07-07 23:44:49 UTC (rev 170862)
</span><span class="lines">@@ -1,3 +1,30 @@
</span><ins>+2014-07-07  Simon Fraser  &lt;simon.fraser@apple.com&gt;
+
+        [UI-side compositing] Crash when starting a filter transition on a reflected layer
+        https://bugs.webkit.org/show_bug.cgi?id=134694
+
+        Reviewed by Tim Horton.
+        
+        When cloned layers had animations, we would fire two animationDidStart callbacks,
+        but the second would pass an empty animationKey string to the web process, resulting
+        in a crash.
+        
+        Fix by not blindly copying all layer properties when cloning PlatformCALayerRemotes,
+        since the clone would include addedAnimations, and then get the same animations
+        added on top by the caller.
+        
+        Also protect against an empty animation key in the animationDidStart callback.
+
+        * UIProcess/mac/RemoteLayerTreeHost.mm:
+        (WebKit::RemoteLayerTreeHost::animationDidStart):
+        * WebProcess/WebPage/mac/PlatformCALayerRemote.cpp:
+        (WebKit::PlatformCALayerRemote::PlatformCALayerRemote):
+        (WebKit::PlatformCALayerRemote::clone): Don't copy all the properties; copy
+        them manually as PlatformCALayerMac does. Only copy the big things if they don't
+        have their default values.
+        (WebKit::PlatformCALayerRemote::copyFiltersFrom): Need an implementation of this
+        for clone() to call.
+
</ins><span class="cx"> 2014-07-07  Tim Horton  &lt;timothy_horton@apple.com&gt;
</span><span class="cx"> 
</span><span class="cx">         Nearly everything in the UIProcess &quot;leaks&quot; when WKWebView is torn down
</span></span></pre></div>
<a id="trunkSourceWebKit2UIProcessmacRemoteLayerTreeHostmm"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/UIProcess/mac/RemoteLayerTreeHost.mm (170861 => 170862)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/UIProcess/mac/RemoteLayerTreeHost.mm        2014-07-07 23:44:42 UTC (rev 170861)
+++ trunk/Source/WebKit2/UIProcess/mac/RemoteLayerTreeHost.mm        2014-07-07 23:44:49 UTC (rev 170862)
</span><span class="lines">@@ -148,7 +148,8 @@
</span><span class="cx">         }
</span><span class="cx">     }
</span><span class="cx"> 
</span><del>-    m_drawingArea.acceleratedAnimationDidStart(layerID, animationKey, startTime);
</del><ins>+    if (!animationKey.isEmpty())
+        m_drawingArea.acceleratedAnimationDidStart(layerID, animationKey, startTime);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void RemoteLayerTreeHost::clearLayers()
</span></span></pre></div>
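Review bot: The empty-key check before m_drawingArea.acceleratedAnimationDidStart() is on the sending side only, and no file in this changeset touches the code that receives the call. Since the log message says an empty animationKey crashed the web process, confirm that the receiver also tolerates an empty or unknown key rather than relying on every sender to filter it.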
<a id="trunkSourceWebKit2WebProcessWebPagemacPlatformCALayerRemotecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/WebProcess/WebPage/mac/PlatformCALayerRemote.cpp (170861 => 170862)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/WebProcess/WebPage/mac/PlatformCALayerRemote.cpp        2014-07-07 23:44:42 UTC (rev 170861)
+++ trunk/Source/WebKit2/WebProcess/WebPage/mac/PlatformCALayerRemote.cpp        2014-07-07 23:44:49 UTC (rev 170862)
</span><span class="lines">@@ -90,7 +90,6 @@
</span><span class="cx"> 
</span><span class="cx"> PlatformCALayerRemote::PlatformCALayerRemote(const PlatformCALayerRemote&amp; other, PlatformCALayerClient* owner, RemoteLayerTreeContext&amp; context)
</span><span class="cx">     : PlatformCALayer(other.layerType(), owner)
</span><del>-    , m_properties(other.m_properties)
</del><span class="cx">     , m_superlayer(nullptr)
</span><span class="cx">     , m_maskLayer(nullptr)
</span><span class="cx">     , m_acceleratesDrawing(other.acceleratesDrawing())
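Review bot: With the m_properties(other.m_properties) initializer removed, this constructor still takes other but, in the visible initializers, carries over only the layer type and acceleratesDrawing, so it reads like a copy constructor without being one. A comment here saying that clone() is responsible for copying the remaining properties would stop a future caller from assuming it gets a full copy.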
</span><span class="lines">@@ -102,8 +101,28 @@
</span><span class="cx"> {
</span><span class="cx">     RefPtr&lt;PlatformCALayerRemote&gt; clone = PlatformCALayerRemote::create(*this, client, *m_context);
</span><span class="cx"> 
</span><del>-    clone-&gt;m_properties.notePropertiesChanged(static_cast&lt;RemoteLayerTreeTransaction::LayerChange&gt;(m_properties.everChangedProperties &amp; ~RemoteLayerTreeTransaction::BackingStoreChanged));
</del><ins>+    clone-&gt;setPosition(position());
+    clone-&gt;setBounds(bounds());
+    clone-&gt;setAnchorPoint(anchorPoint());
</ins><span class="cx"> 
</span><ins>+    if (m_properties.transform)
+        clone-&gt;setTransform(*m_properties.transform);
+
+    if (m_properties.sublayerTransform)
+        clone-&gt;setSublayerTransform(*m_properties.sublayerTransform);
+
+    clone-&gt;setContents(contents());
+    clone-&gt;setMasksToBounds(masksToBounds());
+    clone-&gt;setDoubleSided(isDoubleSided());
+    clone-&gt;setOpaque(isOpaque());
+    clone-&gt;setBackgroundColor(backgroundColor());
+    clone-&gt;setContentsScale(contentsScale());
+#if ENABLE(CSS_FILTERS)
+    if (m_properties.filters)
+        clone-&gt;copyFiltersFrom(this);
+#endif
+    clone-&gt;updateCustomAppearance(customAppearance());
+
</ins><span class="cx">     clone-&gt;setClonedLayer(this);
</span><span class="cx">     return clone.release();
</span><span class="cx"> }
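Review bot: The setter list in clone() is maintained by hand, so a layer property added later is dropped from clones unless someone also adds it here, and nothing in the hunk records which properties are left out on purpose. Add a comment naming the deliberate omission (the log message cites addedAnimations) and pointing at the PlatformCALayerMac code this mirrors. The modified paths include no test; a filter transition on a reflected layer is the case to cover.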
</span><span class="lines">@@ -577,7 +596,12 @@
</span><span class="cx"> 
</span><span class="cx"> void PlatformCALayerRemote::copyFiltersFrom(const PlatformCALayer* sourceLayer)
</span><span class="cx"> {
</span><del>-    ASSERT_NOT_REACHED();
</del><ins>+    if (const FilterOperations* filters = toPlatformCALayerRemote(sourceLayer)-&gt;m_properties.filters.get())
+        setFilters(*filters);
+    else if (m_properties.filters)
+        m_properties.filters = nullptr;
+
+    m_properties.notePropertiesChanged(RemoteLayerTreeTransaction::FiltersChanged);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> #if ENABLE(CSS_COMPOSITING)
</span></span></pre>
</div>
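Review bot: m_properties.notePropertiesChanged(RemoteLayerTreeTransaction::FiltersChanged) at the end of copyFiltersFrom() runs unconditionally, including when the source has no filters and this layer has none, so the layer is marked changed with nothing new to send. If setFilters() already records the change, move the call into the else-if branch next to m_properties.filters = nullptr; so it only fires when the filters were actually cleared. sourceLayer is also dereferenced through toPlatformCALayerRemote() with no null check; an ASSERT(sourceLayer) would document the precondition.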
</div>

</body>
</html>