WebKit Bugzilla
Attachment 361291 Details for
Bug 194333
: RELEASE_ASSERT(!m_document.isResolvingTreeStyle()) in com.apple.WebKit.WebContent at WebCore: WebCore::StyleResolver::~StyleResolver
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
patch
extension-stylesheet-animation-crash.html (text/plain), 4.98 KB, created by
Antti Koivisto
on 2019-02-06 05:16:10 PST
(
hide
)
Description:
patch
Filename:
MIME Type:
Creator:
Antti Koivisto
Created:
2019-02-06 05:16:10 PST
Size:
4.98 KB
patch
obsolete
>Index: Source/WebCore/ChangeLog >=================================================================== >--- Source/WebCore/ChangeLog (revision 241015) >+++ Source/WebCore/ChangeLog (working copy) >@@ -1,3 +1,22 @@ >+2019-02-06 Antti Koivisto <antti@apple.com> >+ >+ v3: CrashTracer: com.apple.WebKit.WebContent at WebCore: WebCore::StyleResolver::~StyleResolver >+ https://bugs.webkit.org/show_bug.cgi?id=194333 >+ <rdar://problem/47822929> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Content extension may mutate the extension stylesheet as a result of animation code triggering >+ resource load in the middle of a style resolution. >+ >+ Test: http/tests/contentextensions/css-display-none-keyframe.html >+ >+ * style/StyleScope.cpp: >+ (WebCore::Style::Scope::scheduleUpdate): >+ >+ Avoid clearing the style resolver if we are in the middle of a style resolution. >+ A better fix that avoid doing this in the first place is tracked by https://bugs.webkit.org/show_bug.cgi?id=194335. >+ > 2019-02-05 Ryosuke Niwa <rniwa@webkit.org> > > REGRESSION (r240909): Release assert in FrameLoader::loadURL when navigating with a non-existent target name >Index: Source/WebCore/style/StyleScope.cpp >=================================================================== >--- Source/WebCore/style/StyleScope.cpp (revision 240970) >+++ Source/WebCore/style/StyleScope.cpp (working copy) >@@ -602,8 +602,10 @@ void Scope::scheduleUpdate(UpdateType up > // :host and ::slotted rules might go away. > if (m_shadowRoot && m_resolver) > invalidateHostAndSlottedStyleIfNeeded(*m_shadowRoot, *m_resolver); >+ // FIXME: Animation code may trigger resource load in middle of style recalc and that can add a rule to a content extension stylesheet. >+ // Fix and remove isResolvingTreeStyle() test below, see https://bugs.webkit.org/show_bug.cgi?id=194335 > // FIXME: The m_isUpdatingStyleResolver test is here because extension stylesheets can get us here from StyleResolver::appendAuthorStyleSheets. >- if (!m_isUpdatingStyleResolver) >+ if (!m_isUpdatingStyleResolver && !m_document.isResolvingTreeStyle()) > clearResolver(); > } > >Index: LayoutTests/ChangeLog >=================================================================== >--- LayoutTests/ChangeLog (revision 240970) >+++ LayoutTests/ChangeLog (working copy) >@@ -1,3 +1,15 @@ >+2019-02-06 Antti Koivisto <antti@apple.com> >+ >+ v3: CrashTracer: com.apple.WebKit.WebContent at WebCore: WebCore::StyleResolver::~StyleResolver >+ https://bugs.webkit.org/show_bug.cgi?id=194333 >+ <rdar://problem/47822929> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * http/tests/contentextensions/css-display-none-keyframe-expected.txt: Added. >+ * http/tests/contentextensions/css-display-none-keyframe.html: Added. >+ * http/tests/contentextensions/css-display-none-keyframe.html.json: Added. >+ > 2019-02-04 Jonathan Bedard <jbedard@apple.com> > > [iPad] Initial test gardening (Part 1) >Index: LayoutTests/http/tests/contentextensions/css-display-none-keyframe-expected.txt >=================================================================== >--- LayoutTests/http/tests/contentextensions/css-display-none-keyframe-expected.txt (nonexistent) >+++ LayoutTests/http/tests/contentextensions/css-display-none-keyframe-expected.txt (working copy) >@@ -0,0 +1 @@ >+Test content extension inserting a display:none rule triggered by a resource in a keyframe. >Index: LayoutTests/http/tests/contentextensions/css-display-none-keyframe.html >=================================================================== >--- LayoutTests/http/tests/contentextensions/css-display-none-keyframe.html (nonexistent) >+++ LayoutTests/http/tests/contentextensions/css-display-none-keyframe.html (working copy) >@@ -0,0 +1,27 @@ >+<!DOCTYPE HTML><!-- webkit-test-runner [ experimental:WebAnimationsCSSIntegrationEnabled=false ] --> >+<script> >+if (window.testRunner) { >+ testRunner.dumpAsText(); >+ testRunner.waitUntilDone(); >+} >+</script> >+<style> >+@keyframes bgimage { >+ from { >+ background-image: url("non-existent.png"); >+ } >+ to { >+ background-image: url("non-existent-2.png"); >+ } >+} >+div { >+ animation-duration: 0.1s; >+ animation-name: bgimage; >+} >+</style> >+<div onanimationend="testRunner.notifyDone()"> >+Test content extension inserting a display:none rule triggered by a resource in a keyframe. >+</div> >+<div class="hidden"> >+FAIL >+</div> >Index: LayoutTests/http/tests/contentextensions/css-display-none-keyframe.html.json >=================================================================== >--- LayoutTests/http/tests/contentextensions/css-display-none-keyframe.html.json (nonexistent) >+++ LayoutTests/http/tests/contentextensions/css-display-none-keyframe.html.json (working copy) >@@ -0,0 +1,11 @@ >+[ >+ { >+ "action": { >+ "type": "css-display-none", >+ "selector": ".hidden" >+ }, >+ "trigger": { >+ "url-filter": ".*png" >+ } >+ } >+]
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=361291">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 194333
:
361291
|
361293