Mercurial > mozreview > gecko / changeset / 63c5065d1291de40a26715a3db24d9c00708e95d
summary | shortlog | changelog | pushlog | graph | tags | bookmarks | branches | files | changeset | raw | zip | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Bug 1330513- Check that mCSSValueList is null in case of filter and shadow in StyleAnimationValue::Add(). r?boris draft
authorHiroyuki Ikezoe <hikezoe@mozilla.com>
Thu, 12 Jan 2017 19:42:14 +0900
changeset 459647 63c5065d1291de40a26715a3db24d9c00708e95d
parent 459611 97d6f73643940256c0eb61e384c49bf6f6c49847
child 541950 0018669400a3141ccf94deb9f895f44f8ecdbe5b
push id41281
push userhiikezoe@mozilla-japan.org
push dateThu, 12 Jan 2017 10:43:17 +0000
reviewersboris
bugs1330513
milestone53.0a1
Bug 1330513- Check that mCSSValueList is null in case of filter and shadow in StyleAnimationValue::Add(). r?boris The StyleAnimationValue for filter and shadow has no mCSSValueList in case of initial style. MozReview-Commit-ID: JigQQBbx77x
dom/animation/test/crashtests/1330513-1.html file | annotate | diff | comparison | revisions
dom/animation/test/crashtests/crashtests.list file | annotate | diff | comparison | revisions
layout/style/StyleAnimationValue.cpp file | annotate | diff | comparison | revisions 
new file mode 100644
--- /dev/null
+++ b/dom/animation/test/crashtests/1330513-1.html
@@ -0,0 +1,8 @@
+<!DOCTYPE html>
+<html>
+<body id=a></body>
+<script>
+document.getElementById("a")
+  .animate([{"filter": "grayscale(28%)"}], {fill:"forwards", composite:"add"});
+</script>
+</html>
--- a/dom/animation/test/crashtests/crashtests.list
+++ b/dom/animation/test/crashtests/crashtests.list
@@ -11,9 +11,10 @@ asserts-if(stylo,4-10) pref(dom.animatio
 asserts-if(stylo,5) pref(dom.animations-api.core.enabled,true) load 1278485-1.html # bug 1324691
 asserts-if(stylo,31) pref(dom.animations-api.core.enabled,true) load 1277272-1.html # bug 1324694
 asserts-if(stylo,2) pref(dom.animations-api.core.enabled,true) load 1290535-1.html # bug 1324690
 pref(dom.animations-api.core.enabled,true) load 1304886-1.html
 pref(dom.animations-api.core.enabled,true) load 1322382-1.html
 skip-if(stylo) pref(dom.animations-api.core.enabled,true) load 1322291-1.html # bug 1323733
 asserts-if(stylo,0-5) pref(dom.animations-api.core.enabled,true) load 1323114-1.html # bug 1324690
 asserts-if(stylo,0-5) pref(dom.animations-api.core.enabled,true) load 1323114-2.html # bug 1324690
+skip-if(stylo) pref(dom.animations-api.core.enabled,true) load 1330513-1.html # bug 1311257
 skip-if(stylo) pref(dom.animations-api.core.enabled,true) load 1325193-1.html # bug 1311257
--- a/layout/style/StyleAnimationValue.cpp
+++ b/layout/style/StyleAnimationValue.cpp
@@ -779,24 +779,26 @@ StyleAnimationValue::Add(nsCSSPropertyID
       result.mValue.mCSSValue->SetRGBAColorValue(
         AddWeightedColors(1.0, color1, 1, color2));
       break;
     }
     case eUnit_Filter:
     case eUnit_Shadow: {
       // If |aA| has no function list, don't concatinate anything, just return
       // |aB| as the result.
-      if (aA.GetCSSValueListValue()->mValue.GetUnit() == eCSSUnit_None) {
+      if (!aA.GetCSSValueListValue() ||
+          aA.GetCSSValueListValue()->mValue.GetUnit() == eCSSUnit_None) {
         break;
       }
       UniquePtr<nsCSSValueList> resultList(aA.GetCSSValueListValue()->Clone());
 
       // If |aB| has function list, concatinate it to |aA|, then return
       // the concatinated list.
-      if (result.GetCSSValueListValue()->mValue.GetUnit() != eCSSUnit_None) {
+      if (result.GetCSSValueListValue() &&
+          result.GetCSSValueListValue()->mValue.GetUnit() != eCSSUnit_None) {
         nsCSSValueList* listA = resultList.get();
         while (listA->mNext) {
           listA = listA->mNext;
         }
 
         listA->mNext = result.GetCSSValueListValue();
       }
       result.mValue.mCSSValueList = resultList.release();
gecko
Deployed from 4e825768105f at 2024-04-08T16:23:58Z.