188519 2018-08-13 10:09:30 -0700 [Web Animations] Crash under AnimationTimeline::cancelOrRemoveDeclarativeAnimation() 2018-08-14 08:15:14 -0700 1 1 1 Unclassified WebKit Animations Other Unspecified Unspecified RESOLVED FIXED https://bugs.webkit.org/show_bug.cgi?id=188253 InRadar P2 Normal --- 1 graouts graouts dexxenon dino eric.carlson webkit-bug-importer oldest_to_newest 1449662 0 graouts 2018-08-13 10:09:30 -0700 When loading www.seloger.com we crash in AnimationTimeline::cancelOrRemoveDeclarativeAnimation() with a null `animation` parameter. 1449665 1 graouts 2018-08-13 10:10:31 -0700 We also have a crash in this function in webkit.org/b/188253. 1449667 2 webkit-bug-importer 2018-08-13 10:11:16 -0700 <rdar://problem/43237889> 1449668 3 graouts 2018-08-13 10:12:00 -0700 I also came across webkit.org/b/188518 trying to figure out why the site was crashing. To reproduce this crash, we need to comment out the ASSERT() from that other bug. 1449692 4 graouts 2018-08-13 11:24:40 -0700 In this case we would crash because we blindly assumed an animation that was found in the previous style must be in the list of running animations but in fact it could have been removed already due to the element being removed from the DOM. So when we iterate over names of animations that were found in the previous style but not in the new style, we must make a null check to ensure that there is an animation to remove. Adding an ASSERT() in AnimationTimeline::cancelOrRemoveDeclarativeAnimation() will also clarify the contract here. 1449697 5 graouts 2018-08-13 11:29:55 -0700 *** Bug 188253 has been marked as a duplicate of this bug. *** 1449927 6 347072 graouts 2018-08-14 07:23:45 -0700 Created attachment 347072 Patch 1449938 7 graouts 2018-08-14 08:15:14 -0700 Committed r234848: <https://trac.webkit.org/changeset/234848> 347072 2018-08-14 07:23:45 -0700 2018-08-14 07:38:47 -0700 Patch bug-188519-20180814162344.patch text/plain 5959 graouts U3VidmVyc2lvbiBSZXZpc2lvbjogMjM0NzkyCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggMDMwOTMzMTVhYmFjMmE5 ZWMyNzA5NzNhNDI3YjgzZDBiN2U3NzI1MS4uODk4MGM5ZTAyMzNmZmQ3MzI5NzNlNzM0MmVmNDQy MjJhYWZmOTZmYyAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDIzIEBACisyMDE4LTA4LTE0ICBBbnRv aW5lIFF1aW50ICA8Z3Jhb3V0c0BhcHBsZS5jb20+CisKKyAgICAgICAgW1dlYiBBbmltYXRpb25z XSBDcmFzaCB1bmRlciBBbmltYXRpb25UaW1lbGluZTo6Y2FuY2VsT3JSZW1vdmVEZWNsYXJhdGl2 ZUFuaW1hdGlvbigpCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNn aT9pZD0xODg1MTkKKyAgICAgICAgPHJkYXI6Ly9wcm9ibGVtLzQzMjM3ODg5PgorCisgICAgICAg IFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIFRlc3Q6IHdlYmFuaW1hdGlv bnMvY3NzLWFuaW1hdGlvbi1lZmZlY3QtdGFyZ2V0LWNoYW5nZS1hbmQtYW5pbWF0aW9uLXJlbW92 YWwtY3Jhc2guaHRtbAorCisgICAgICAgIFdlIHdvdWxkIGNyYXNoIGJlY2F1c2Ugd2UgYmxpbmRs eSBhc3N1bWVkIGFuIGFuaW1hdGlvbiB0aGF0IHdhcyBmb3VuZCBpbiB0aGUgcHJldmlvdXMgc3R5 bGUgbXVzdCBiZSBpbiB0aGUgbGlzdCBvZiBydW5uaW5nIGFuaW1hdGlvbnMKKyAgICAgICAgYnV0 IGluIGZhY3QgaXQgY291bGQgaGF2ZSBiZWVuIHJlbW92ZWQgYWxyZWFkeSBkdWUgdG8gdGhlIGVs ZW1lbnQgYmVpbmcgcmVtb3ZlZCBmcm9tIHRoZSBET00gb3IgaXRzIGVmZmVjdCB0YXJnZXQgY2hh bmdpbmcsIGV0Yy4gU28gd2hlbgorICAgICAgICB3ZSBpdGVyYXRlIG92ZXIgbmFtZXMgb2YgYW5p bWF0aW9ucyB0aGF0IHdlcmUgZm91bmQgaW4gdGhlIHByZXZpb3VzIHN0eWxlIGJ1dCBub3QgaW4g dGhlIG5ldyBzdHlsZSwgd2UgbXVzdCBtYWtlIGEgbnVsbCBjaGVjayB0byBlbnN1cmUKKyAgICAg ICAgdGhhdCB0aGVyZSBpcyBhbiBhbmltYXRpb24gdG8gcmVtb3ZlLiBBZGRpbmcgYW4gQVNTRVJU KCkgaW4gQW5pbWF0aW9uVGltZWxpbmU6OmNhbmNlbE9yUmVtb3ZlRGVjbGFyYXRpdmVBbmltYXRp b24oKSB3aWxsIGFsc28gY2xhcmlmeSB0aGUKKyAgICAgICAgZXhwZWN0YXRpb24gaGVyZS4KKwor ICAgICAgICAqIGFuaW1hdGlvbi9BbmltYXRpb25UaW1lbGluZS5jcHA6CisgICAgICAgIChXZWJD b3JlOjpBbmltYXRpb25UaW1lbGluZTo6dXBkYXRlQ1NTQW5pbWF0aW9uc0ZvckVsZW1lbnQpOgor ICAgICAgICAoV2ViQ29yZTo6QW5pbWF0aW9uVGltZWxpbmU6OmNhbmNlbE9yUmVtb3ZlRGVjbGFy YXRpdmVBbmltYXRpb24pOgorCiAyMDE4LTA4LTEyICBTaWh1aSBMaXUgIDxzaWh1aV9saXVAYXBw bGUuY29tPgogCiAgICAgICAgIENyYXNoVHJhY2VyOiBjb20uYXBwbGUuV2ViS2l0LlN0b3JhZ2Ug YXQgV2ViQ29yZTo6SURCU2VydmVyOjpVbmlxdWVJREJEYXRhYmFzZTo6Y29ubmVjdGlvbkNsb3Nl ZEZyb21DbGllbnQoV2ViQ29yZTo6SURCU2VydmVyOjpVbmlxdWVJREJEYXRhYmFzZUNvbm5lY3Rp b24mKQpkaWZmIC0tZ2l0IGEvU291cmNlL1dlYkNvcmUvYW5pbWF0aW9uL0FuaW1hdGlvblRpbWVs aW5lLmNwcCBiL1NvdXJjZS9XZWJDb3JlL2FuaW1hdGlvbi9BbmltYXRpb25UaW1lbGluZS5jcHAK aW5kZXggODg3OTFhMjUzY2I0MTMzZGM0YzE2ZWNmOWI4MjA0ZTdhMDk5YTdjNS4uMzQyYjI4MzU0 ODBlMDliYjdmODVkMzFlMWRlYzkyN2U2ODg4NWYzMCAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNv cmUvYW5pbWF0aW9uL0FuaW1hdGlvblRpbWVsaW5lLmNwcAorKysgYi9Tb3VyY2UvV2ViQ29yZS9h bmltYXRpb24vQW5pbWF0aW9uVGltZWxpbmUuY3BwCkBAIC0yNzIsOCArMjcyLDEwIEBAIHZvaWQg QW5pbWF0aW9uVGltZWxpbmU6OnVwZGF0ZUNTU0FuaW1hdGlvbnNGb3JFbGVtZW50KEVsZW1lbnQm IGVsZW1lbnQsIGNvbnN0IFJlCiAKICAgICAvLyBUaGUgYW5pbWF0aW9ucyBuYW1lcyBsZWZ0IGlu IG5hbWVzT2ZQcmV2aW91c0FuaW1hdGlvbnMgYXJlIG5vdyBrbm93biB0byBubyBsb25nZXIgYXBw bHkgc28gd2UgbmVlZCB0bwogICAgIC8vIHJlbW92ZSB0aGUgQ1NTQW5pbWF0aW9uIG9iamVjdCBj cmVhdGVkIGZvciB0aGVtLgotICAgIGZvciAoY29uc3QgYXV0byYgbmFtZU9mQW5pbWF0aW9uVG9S ZW1vdmUgOiBuYW1lc09mUHJldmlvdXNBbmltYXRpb25zKQotICAgICAgICBjYW5jZWxPclJlbW92 ZURlY2xhcmF0aXZlQW5pbWF0aW9uKGNzc0FuaW1hdGlvbnNCeU5hbWUudGFrZShuYW1lT2ZBbmlt YXRpb25Ub1JlbW92ZSkpOworICAgIGZvciAoY29uc3QgYXV0byYgbmFtZU9mQW5pbWF0aW9uVG9S ZW1vdmUgOiBuYW1lc09mUHJldmlvdXNBbmltYXRpb25zKSB7CisgICAgICAgIGlmIChhdXRvIGFu aW1hdGlvbiA9IGNzc0FuaW1hdGlvbnNCeU5hbWUudGFrZShuYW1lT2ZBbmltYXRpb25Ub1JlbW92 ZSkpCisgICAgICAgICAgICBjYW5jZWxPclJlbW92ZURlY2xhcmF0aXZlQW5pbWF0aW9uKGFuaW1h dGlvbik7CisgICAgfQogCiAgICAgLy8gUmVtb3ZlIHRoZSBtYXAgb2YgQ1NTQW5pbWF0aW9ucyBi eSBhbmltYXRpb24gbmFtZSBmb3IgdGhpcyBlbGVtZW50IGlmIGl0J3Mgbm93IGVtcHR5LgogICAg IGlmIChjc3NBbmltYXRpb25zQnlOYW1lLmlzRW1wdHkoKSkKQEAgLTQ3NCw2ICs0NzYsNyBAQCB2 b2lkIEFuaW1hdGlvblRpbWVsaW5lOjp1cGRhdGVDU1NUcmFuc2l0aW9uc0ZvckVsZW1lbnQoRWxl bWVudCYgZWxlbWVudCwgY29uc3QgUgogCiB2b2lkIEFuaW1hdGlvblRpbWVsaW5lOjpjYW5jZWxP clJlbW92ZURlY2xhcmF0aXZlQW5pbWF0aW9uKFJlZlB0cjxEZWNsYXJhdGl2ZUFuaW1hdGlvbj4g YW5pbWF0aW9uKQogeworICAgIEFTU0VSVChhbmltYXRpb24pOwogICAgIGlmIChhdXRvKiBlZmZl Y3QgPSBhbmltYXRpb24tPmVmZmVjdCgpKSB7CiAgICAgICAgIGF1dG8gcGhhc2UgPSBlZmZlY3Qt PnBoYXNlKCk7CiAgICAgICAgIGlmIChwaGFzZSAhPSBBbmltYXRpb25FZmZlY3RSZWFkT25seTo6 UGhhc2U6OklkbGUgJiYgcGhhc2UgIT0gQW5pbWF0aW9uRWZmZWN0UmVhZE9ubHk6OlBoYXNlOjpB ZnRlcikgewpkaWZmIC0tZ2l0IGEvTGF5b3V0VGVzdHMvQ2hhbmdlTG9nIGIvTGF5b3V0VGVzdHMv Q2hhbmdlTG9nCmluZGV4IGRhNmE2MWQ4OWQ3YzA2MzM1ZjI4ZDY2OGQzMjU2YWY3NGViYWRlNTEu Ljg4ZWI4YTVhMWVjZTdiNTMyNzMxNGI0Nzc0ZTBlMGY3OTcyNzNkOWMgMTAwNjQ0Ci0tLSBhL0xh eW91dFRlc3RzL0NoYW5nZUxvZworKysgYi9MYXlvdXRUZXN0cy9DaGFuZ2VMb2cKQEAgLTEsMyAr MSwyMCBAQAorMjAxOC0wOC0xNCAgQW50b2luZSBRdWludCAgPGdyYW91dHNAYXBwbGUuY29tPgor CisgICAgICAgIFtXZWIgQW5pbWF0aW9uc10gQ3Jhc2ggdW5kZXIgQW5pbWF0aW9uVGltZWxpbmU6 OmNhbmNlbE9yUmVtb3ZlRGVjbGFyYXRpdmVBbmltYXRpb24oKQorICAgICAgICBodHRwczovL2J1 Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTg4NTE5CisgICAgICAgIDxyZGFyOi8vcHJv YmxlbS80MzIzNzg4OT4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKwor ICAgICAgICBBZGQgYSB0ZXN0IHdoZXJlIHdlIGNsb25lIHRoZSBlZmZlY3QgdG8gYmUgbXV0YWJs ZSBhbmQgc2V0IGEgbmV3IHRhcmdldC4gQXQgdGhpcyBzdGFnZSB0aGUgYW5pbWF0aW9uIGlzIG5v IGxvbmdlciBsaXN0ZWQgaW4gdGhlCisgICAgICAgIG1fZWxlbWVudFRvQ1NTQW5pbWF0aW9uQnlO YW1lIG1hcCBvbiBBbmltYXRpb25UaW1lbGluZS4gVGhlbiB3ZSByZW1vdmUgdGhlIGFuaW1hdGlv biBhbmQgZm9yY2UgYSBzdHlsZSByZWNhbGMgZm9yIHRoaXMgZWxlbWVudCwKKyAgICAgICAgImFu aW0iIHdpbGwgYmUgaW4gdGhlIG9sZCBzdHlsZSBidXQgbm90IGluIHRoZSBuZXcgc3R5bGUgYW5k IHdlIHVzZWQgdG8gYXR0ZW1wdCB0byBnZXQgYW4gYW5pbWF0aW9uIG1hdGNoaW5nIHRoYXQgbmFt ZSBmcm9tCisgICAgICAgIG1fZWxlbWVudFRvQ1NTQW5pbWF0aW9uQnlOYW1lIGJ1dCBpdCB3b3Vs ZCBiZSBudWxsLCB3aGljaCB3b3VsZCBsZWFkIHRvIGEgY3Jhc2guIE5vdyB3ZSBjaGVjayB0aGF0 IHdlIGluZGVlZCBoYXZlIHN1Y2ggYW4gYW5pbWF0aW9uCisgICAgICAgIGJlZm9yZSBwcm9jZWVk aW5nLgorCisgICAgICAgICogd2ViYW5pbWF0aW9ucy9jc3MtYW5pbWF0aW9uLWVmZmVjdC10YXJn ZXQtY2hhbmdlLWFuZC1hbmltYXRpb24tcmVtb3ZhbC1jcmFzaC1leHBlY3RlZC5odG1sOiBBZGRl ZC4KKyAgICAgICAgKiB3ZWJhbmltYXRpb25zL2Nzcy1hbmltYXRpb24tZWZmZWN0LXRhcmdldC1j aGFuZ2UtYW5kLWFuaW1hdGlvbi1yZW1vdmFsLWNyYXNoLmh0bWw6IEFkZGVkLgorCiAyMDE4LTA4 LTEyICBNaWNoYWVsIENhdGFuemFybyAgPG1jYXRhbnphcm9AaWdhbGlhLmNvbT4KIAogICAgICAg ICBVbnJldmlld2VkIEdUSyB0ZXN0IGdhcmRlbmluZwpkaWZmIC0tZ2l0IGEvTGF5b3V0VGVzdHMv d2ViYW5pbWF0aW9ucy9jc3MtYW5pbWF0aW9uLWVmZmVjdC10YXJnZXQtY2hhbmdlLWFuZC1hbmlt YXRpb24tcmVtb3ZhbC1jcmFzaC1leHBlY3RlZC5odG1sIGIvTGF5b3V0VGVzdHMvd2ViYW5pbWF0 aW9ucy9jc3MtYW5pbWF0aW9uLWVmZmVjdC10YXJnZXQtY2hhbmdlLWFuZC1hbmltYXRpb24tcmVt b3ZhbC1jcmFzaC1leHBlY3RlZC5odG1sCm5ldyBmaWxlIG1vZGUgMTAwNjQ0CmluZGV4IDAwMDAw MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAuLmU2OWRlMjliYjJkMWQ2NDM0Yjhi MjlhZTc3NWFkOGMyZTQ4YzUzOTEKZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL3dlYmFuaW1hdGlv bnMvY3NzLWFuaW1hdGlvbi1lZmZlY3QtdGFyZ2V0LWNoYW5nZS1hbmQtYW5pbWF0aW9uLXJlbW92 YWwtY3Jhc2guaHRtbCBiL0xheW91dFRlc3RzL3dlYmFuaW1hdGlvbnMvY3NzLWFuaW1hdGlvbi1l ZmZlY3QtdGFyZ2V0LWNoYW5nZS1hbmQtYW5pbWF0aW9uLXJlbW92YWwtY3Jhc2guaHRtbApuZXcg ZmlsZSBtb2RlIDEwMDY0NAppbmRleCAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw MDAwMDAwLi41MTMwNWFiYTkwNDYwYjRhZTM5ZmRmMTRlYTVlMmM3MjRkZWJiNGRjCi0tLSAvZGV2 L251bGwKKysrIGIvTGF5b3V0VGVzdHMvd2ViYW5pbWF0aW9ucy9jc3MtYW5pbWF0aW9uLWVmZmVj dC10YXJnZXQtY2hhbmdlLWFuZC1hbmltYXRpb24tcmVtb3ZhbC1jcmFzaC5odG1sCkBAIC0wLDAg KzEsMjYgQEAKKzwhRE9DVFlQRSBodG1sPjwhLS0gd2Via2l0LXRlc3QtcnVubmVyIFsgZW5hYmxl V2ViQW5pbWF0aW9uc0NTU0ludGVncmF0aW9uPXRydWUgXSAtLT4KKzxib2R5PgorPHN0eWxlPgor CitAa2V5ZnJhbWVzIGFuaW0geworICAgIGZyb20geyBtYXJnaW4tbGVmdDogMCB9CisgICAgdG8g ICB7IG1hcmdpbi1sZWZ0OiAxMDBweCB9Cit9CisKKzwvc3R5bGU+Cis8c2NyaXB0PgorCitjb25z dCB0YXJnZXQgPSBkb2N1bWVudC5ib2R5LmFwcGVuZENoaWxkKGRvY3VtZW50LmNyZWF0ZUVsZW1l bnQoImRpdiIpKTsKK3RhcmdldC5zdHlsZS5hbmltYXRpb24gPSAiYW5pbSAxcyI7Citjb25zdCBh bmltYXRpb24gPSB0YXJnZXQuZ2V0QW5pbWF0aW9ucygpWzBdOworCithbmltYXRpb24uZWZmZWN0 ID0gbmV3IEtleWZyYW1lRWZmZWN0KGFuaW1hdGlvbi5lZmZlY3QpOworYW5pbWF0aW9uLmVmZmVj dC50YXJnZXQgPSBkb2N1bWVudC5jcmVhdGVFbGVtZW50KCJkaXYiKTsKKwordGFyZ2V0LnN0eWxl LmFuaW1hdGlvbiA9ICJub25lIjsKK3RhcmdldC5nZXRBbmltYXRpb25zKCk7CisKK3RhcmdldC5y ZW1vdmUoKTsKKworPC9zY3JpcHQ+Cis8L2JvZHk+Cg==