187382 2018-07-06 02:10:00 -0700 [Crash] Illegal use of uninitialized std::optional value in WebCore::AnimationBase::updateStateMachine 2018-07-06 03:12:23 -0700 1 1 1 Unclassified WebKit Animations WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED https://bugs.webkit.org/show_bug.cgi?id=186536 InRadar P2 Normal --- 1 fred.wang fred.wang cgarcia commit-queue dino dstockwell ews-watchlist graouts mcatanzaro simon.fraser webkit-bug-importer oldest_to_newest 1439733 0 fred.wang 2018-07-06 02:10:00 -0700 See bug 186536 comment 41 for a repro case with Google drive and stack trace. With the patch from bug 186536, the crash happens here: case AnimationState::PausedWaitTimer: ASSERT(input == AnimationStateInput::PlayStateRunning); ASSERT(paused()); // Update the times m_startTime = m_startTime.value(0) + beginAnimationUpdateTime() - m_pauseTime.value_or(0); m_pauseTime = std::nullopt; Checking other potential misuses of uninitialized std::optional members in AnimationBase::updateStateMachine(), I only see one possible other place. I'll just use value_or(0) for these two places to workaround these issues. Antoine Quint mentioned that the old animation code is going to be removed soon, so the actual way we fix these should not be a big deal... 1439735 1 344410 fred.wang 2018-07-06 02:15:29 -0700 Created attachment 344410 Patch 1439746 2 344410 commit-queue 2018-07-06 03:10:56 -0700 Comment on attachment 344410 Patch Clearing flags on attachment: 344410 Committed r233574: <https://trac.webkit.org/changeset/233574> 1439747 3 commit-queue 2018-07-06 03:10:58 -0700 All reviewed patches have been landed. Closing bug. 1439749 4 webkit-bug-importer 2018-07-06 03:12:23 -0700 <rdar://problem/41885732> 344410 2018-07-06 02:15:29 -0700 2018-07-06 03:10:56 -0700 Patch bug-187382-20180706111528.patch text/plain 2607 fred.wang U3VidmVyc2lvbiBSZXZpc2lvbjogMjMzNTcyCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggY2Y0NDIyMGQ3MDI2ZDE0 ZTZiYWI0YmZhNzJlYTkwOGZiNDZhYjg1MS4uNTJhMjc3NTVhZWI5ZDQ5Nzk2M2ViYjc5ZjBhMmVj NTUyNWJkMDM1OSAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDIwIEBACisyMDE4LTA3LTA2ICBGcmVk ZXJpYyBXYW5nICA8ZndhbmdAaWdhbGlhLmNvbT4KKworICAgICAgICBbQ3Jhc2hdIElsbGVnYWwg dXNlIG9mIHVuaW5pdGlhbGl6ZWQgc3RkOjpvcHRpb25hbCB2YWx1ZSBpbiBXZWJDb3JlOjpBbmlt YXRpb25CYXNlOjp1cGRhdGVTdGF0ZU1hY2hpbmUKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtp dC5vcmcvc2hvd19idWcuY2dpP2lkPTE4NzM4MgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9E WSAoT09QUyEpLgorCisgICAgICAgIFdlYkNvcmU6OkFuaW1hdGlvbkJhc2U6OnVwZGF0ZVN0YXRl TWFjaGluZSBoYXMgdHdvIHBvdGVudGlhbCBwbGFjZXMgd2hlcmUgdGhlIHVzZSBvZiBhbgorICAg ICAgICB1bmluaXRpYWxpemVkIHN0ZDpvcHRpb25hbCB2YWx1ZSBpcyBwb3NzaWJsZSBhbmQgb25l IG9mIHRoZW0gaXMgaGl0IHdoZW4gdXNpbmcgR29vZ2xlIGRyaXZlLgorICAgICAgICBTaW5jZSB0 aGF0IG9sZCBhbmltYXRpb24gY29kZSBpcyBnb2luZyB0byBiZSByZW1vdmVkIHNvb24sIHdlIGp1 c3QgcXVpY2tseSBwYXRjaCB0aGlzIGlzc3VlCisgICAgICAgIHZpYSB2YWx1ZV9vcigpIHNvIHRo YXQgd2UgY2FuIHJlc3RvcmUgdGhlIEFTU0VSVCBhZGRlZCBpbiBidWcgMTg2NTM2LgorCisgICAg ICAgIE5vIG5ldyB0ZXN0cywgY29kZSBpcyBnb2luZyB0byBiZSByZW1vdmVkIHNvb24uCisKKyAg ICAgICAgKiBwYWdlL2FuaW1hdGlvbi9BbmltYXRpb25CYXNlLmNwcDoKKyAgICAgICAgKFdlYkNv cmU6OkFuaW1hdGlvbkJhc2U6OnVwZGF0ZVN0YXRlTWFjaGluZSk6IFVzZSB2YWx1ZV9vcigwKSB0 byBhdm9pZCBwb3RlbnRpYWwgY3Jhc2hlcy4KKwogMjAxOC0wNy0wNiAgRnJlZGVyaWMgV2FuZyAg PGZ3YW5nQGlnYWxpYS5jb20+CiAKICAgICAgICAgUmVuYW1lIEhUTUxUcmVlQnVpbGRlcjo6ZGlk Q3JlYXRlQ3VzdG9tT3JDYWxsYmFja0VsZW1lbnQKZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3Jl L3BhZ2UvYW5pbWF0aW9uL0FuaW1hdGlvbkJhc2UuY3BwIGIvU291cmNlL1dlYkNvcmUvcGFnZS9h bmltYXRpb24vQW5pbWF0aW9uQmFzZS5jcHAKaW5kZXggODE2M2Q0OTliMWI3MjQ4OWE1OTNkNGE4 NjQzM2Y2ZjIyYzFmYTg3Ny4uZDFkMGE4MTFmMDM4NjE0NmY4Y2E4MzcxYTk0MDNiMGY4MTU0NmMx NCAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvcGFnZS9hbmltYXRpb24vQW5pbWF0aW9uQmFz ZS5jcHAKKysrIGIvU291cmNlL1dlYkNvcmUvcGFnZS9hbmltYXRpb24vQW5pbWF0aW9uQmFzZS5j cHAKQEAgLTM3OSw3ICszNzksNyBAQCB2b2lkIEFuaW1hdGlvbkJhc2U6OnVwZGF0ZVN0YXRlTWFj aGluZShBbmltYXRpb25TdGF0ZUlucHV0IGlucHV0LCBkb3VibGUgcGFyYW0pCiAgICAgICAgICAg ICBBU1NFUlQoaW5wdXQgPT0gQW5pbWF0aW9uU3RhdGVJbnB1dDo6UGxheVN0YXRlUnVubmluZyk7 CiAgICAgICAgICAgICBBU1NFUlQocGF1c2VkKCkpOwogICAgICAgICAgICAgLy8gVXBkYXRlIHRo ZSB0aW1lcwotICAgICAgICAgICAgbV9zdGFydFRpbWUgPSBtX3N0YXJ0VGltZS52YWx1ZSgpICsg YmVnaW5BbmltYXRpb25VcGRhdGVUaW1lKCkgLSBtX3BhdXNlVGltZS52YWx1ZV9vcigwKTsKKyAg ICAgICAgICAgIG1fc3RhcnRUaW1lID0gbV9zdGFydFRpbWUudmFsdWVfb3IoMCkgKyBiZWdpbkFu aW1hdGlvblVwZGF0ZVRpbWUoKSAtIG1fcGF1c2VUaW1lLnZhbHVlX29yKDApOwogICAgICAgICAg ICAgbV9wYXVzZVRpbWUgPSBzdGQ6Om51bGxvcHQ7CiAKICAgICAgICAgICAgIC8vIHdlIHdlcmUg d2FpdGluZyBmb3IgdGhlIHN0YXJ0IHRpbWVyIHRvIGZpcmUsIGdvIGJhY2sgYW5kIHdhaXQgYWdh aW4KQEAgLTQxMSw3ICs0MTEsNyBAQCB2b2lkIEFuaW1hdGlvbkJhc2U6OnVwZGF0ZVN0YXRlTWFj aGluZShBbmltYXRpb25TdGF0ZUlucHV0IGlucHV0LCBkb3VibGUgcGFyYW0pCiAKICAgICAgICAg ICAgICAgICAvLyBVcGRhdGUgdGhlIHRpbWVzCiAgICAgICAgICAgICAgICAgaWYgKG1fYW5pbWF0 aW9uU3RhdGUgPT0gQW5pbWF0aW9uU3RhdGU6OlBhdXNlZFJ1bikKLSAgICAgICAgICAgICAgICAg ICAgbV9zdGFydFRpbWUgPSBtX3N0YXJ0VGltZS52YWx1ZSgpICsgYmVnaW5BbmltYXRpb25VcGRh dGVUaW1lKCkgLSBtX3BhdXNlVGltZS52YWx1ZV9vcigwKTsKKyAgICAgICAgICAgICAgICAgICAg bV9zdGFydFRpbWUgPSBtX3N0YXJ0VGltZS52YWx1ZV9vcigwKSArIGJlZ2luQW5pbWF0aW9uVXBk YXRlVGltZSgpIC0gbV9wYXVzZVRpbWUudmFsdWVfb3IoMCk7CiAgICAgICAgICAgICAgICAgZWxz ZQogICAgICAgICAgICAgICAgICAgICBtX3N0YXJ0VGltZSA9IDA7CiAK