Bug 1334582 - Check whether overall progress exceeds UINT64_MAX. r?boris
The overall progress is factored in iteration start, so even if
TimingParams.mIterations is less than UINT64_MAX, it will exceed UINT64_MAX.
MozReview-Commit-ID: CEOYAGsCoIE
--- a/dom/animation/AnimationEffectReadOnly.cpp
+++ b/dom/animation/AnimationEffectReadOnly.cpp
@@ -181,18 +181,19 @@ AnimationEffectReadOnly::GetComputedTimi
// Factor in iteration start offset.
if (IsFinite(overallProgress)) {
overallProgress += result.mIterationStart;
}
// Determine the 0-based index of the current iteration.
// https://w3c.github.io/web-animations/#current-iteration
result.mCurrentIteration =
- result.mIterations >= UINT64_MAX &&
- result.mPhase == ComputedTiming::AnimationPhase::After
+ (result.mIterations >= UINT64_MAX
+ && result.mPhase == ComputedTiming::AnimationPhase::After)
+ || overallProgress >= UINT64_MAX
? UINT64_MAX // In GetComputedTimingDictionary(),
// we will convert this into Infinity
: static_cast<uint64_t>(overallProgress);
// Convert the overall progress to a fraction of a single iteration--the
// simply iteration progress.
// https://w3c.github.io/web-animations/#simple-iteration-progress
double progress = IsFinite(overallProgress)
new file mode 100644
--- /dev/null
+++ b/dom/animation/test/crashtests/1334582-2.html
@@ -0,0 +1,11 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="UTF-8">
+<script>
+window.onload = function(){
+ let a = document.documentElement.animate([], {"iterationStart": 1.7976931348623157e+308, "fill": "both"});
+};
+</script>
+</head>
+</html>
--- a/dom/animation/test/crashtests/crashtests.list
+++ b/dom/animation/test/crashtests/crashtests.list
@@ -19,15 +19,16 @@ pref(dom.animations-api.core.enabled,tru
pref(dom.animations-api.core.enabled,true) load 1324554-1.html
pref(dom.animations-api.core.enabled,true) load 1325193-1.html
pref(dom.animations-api.core.enabled,true) load 1330190-1.html
pref(dom.animations-api.core.enabled,true) load 1330190-2.html
pref(dom.animations-api.core.enabled,true) load 1330513-1.html
pref(dom.animations-api.core.enabled,true) load 1333539-1.html
pref(dom.animations-api.core.enabled,true) load 1333539-2.html
pref(dom.animations-api.core.enabled,true) load 1334582-1.html
+pref(dom.animations-api.core.enabled,true) load 1334582-2.html
pref(dom.animations-api.core.enabled,true) load 1334583-1.html
pref(dom.animations-api.core.enabled,true) load 1335998-1.html
pref(dom.animations-api.core.enabled,true) load 1343589-1.html
pref(dom.animations-api.core.enabled,true) load 1359658-1.html
pref(dom.animations-api.core.enabled,true) load 1373712-1.html
pref(dom.animations-api.core.enabled,true) load 1379606-1.html
pref(dom.animations-api.core.enabled,true) load 1393605-1.html