Bug 1411963 - Drop assertion about GetBaseValue not returning null in nsSMILCompositor::ComposeAttribute; r?dholbert draft
author Brian Birtles <birtles@gmail.com>
Tue, 31 Oct 2017 16:22:04 +0900
changeset 689175 527eb565e4a5aee7ba06b4f42c3a3e1e3f97a21a
parent 689081 083a9c84fbd09a6ff9bfecabbf773650842fe1c0
child 738254 fde6aa136525a2391ac311fb0133be08c2e48515
push id 86951
push user bmo:bbirtles@mozilla.com
push date Tue, 31 Oct 2017 07:24:27 +0000
reviewers dholbert
bugs 1411963, 1353208
milestone 58.0a1
Bug 1411963 - Drop assertion about GetBaseValue not returning null in nsSMILCompositor::ComposeAttribute; r?dholbert

This assertion was originally added in bug 1353208 because in that bug we changed the type of nsSMILCompositor::mCachedBaseValue from nsAutoPtr<nsSMILValue> to just nsSMILValue.

When using nsAutoPtr, mCachedBaseValue had two null states: one where the pointer is null, and one where the pointed-to nsSMILValue is null.

Coalescing these two states simplifies the code but there is one case where the difference is significant as described in the commit message for that changeset (mozilla-central changeset ad7060dae117):

"There's a subtle difference in behavior with regards to the first sample. Previously we would compare the (initially) null mCachedBaseValue pointer with the passed-in nsSMILValue and set mForceCompositing to true. With this patch, however, we will only set mForceCompositing to true if the passed-in mCachedBaseValue is not null."

That is, if the base value we get back is a null nsSMILValue, previously we would set mForceCompositing to true unconditionally, but with the changes in bug 1353208 we would only set that to true if the passed-in nsSMILValue was not null.

We believed that would never matter since the passed-in nsSMILValue would never be null if we called GetBaseValue. Quoting from that same commit message:

"... if we do call GetBaseValue the result should not be a null nsSMILValue (except in some OOM cases where we don't really care if we miss a sample). This patch adds an assertion to check that GetBaseValue does, in fact, return a non-null value. (I checked the code and this appears to be the case. Even in error cases we typically return an empty nsSMILValue of a non-null type. For example, the early return in nsSMILCSSProperty::GetBaseValue() does this.)"

We added an assertion to validate that assumption but the crashtest included in this patch demonstrates a case where it does not hold (specifically, when nsStyleUtil::CSPAllowsInlineStyle returns false, nsCSSProperty::GetBaseValue will return a null nsSMILValue).

That would seem to suggest that there is at least one case where we might fail to set mForceIsCompositing to true and hence fail to update style on this first sample (and presumably thereonwards too since future comparisons of mCachedBaseValue will compare equal).

However, for the case of an initial sample mForceCompositing should already be set to true since we update mForceCompositing in nsSMILCompositor::GetFirstFuncToAffectSandwich() and will make it true if *anything* in the animation function has changed and at this point, the initial sample, *everything* will have changed.

Hence, I believe dropping this assertion is acceptable.

I have confirmed that in the crashtest in this patch, during the first sample mForceCompositing is set to true.

I would create a reftest to test the behavior on the first sample but, at least for the specific case where inline style is disabled due to CSP, not updating style *is* the expected behavior so there will be no difference in behavior regardless of whether or not the mForceCompositing flag is set.

MozReview-Commit-ID: Li0pZEH2PNl
dom/smil/crashtests/1411963-1.html
dom/smil/crashtests/crashtests.list
dom/smil/nsSMILCompositor.cpp
new file mode 100644
--- /dev/null
+++ b/dom/smil/crashtests/1411963-1.html
@@ -0,0 +1,10 @@
+<html>
+  <head>
+    <script>
+      const o1 = document.createElement('div');
+      document.querySelector('script').appendChild(o1);
+      document.writeln("<svg><animate to attributeName='width'>");
+      o1.innerHTML = "<meta http-equiv='Content-Security-Policy' content=default-src>";
+    </script>
+  </head>
+</html>
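Review bot: The new test file has no comment saying what it is meant to exercise, and the setup in the script block is not self-explanatory: a div is appended inside the script element, the animate element is written with document.writeln, and only then is the Content-Security-Policy meta assigned through o1.innerHTML. A short HTML comment at the top stating that the meta is there to put the document in the state the commit message describes (inline style disallowed by CSP, so GetBaseValue returns a null nsSMILValue) would keep the test from being simplified later into something that no longer reaches that path. The animate element also has an empty `to` and the meta a bare, unquoted `content=default-src`; if either is required to reproduce, say so in the same comment.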
--- a/dom/smil/crashtests/crashtests.list
+++ b/dom/smil/crashtests/crashtests.list
@@ -51,8 +51,9 @@ load 697640-1.svg
 load 699325-1.svg
 load 709907-1.svg
 load 720103-1.svg
 load 849593-1.xhtml
 load 1010681-1.svg
 load 1322849-1.svg
 load 1375596-1.svg
 load 1402547-1.html
+load 1411963-1.html
--- a/dom/smil/nsSMILCompositor.cpp
+++ b/dom/smil/nsSMILCompositor.cpp
@@ -87,18 +87,16 @@ nsSMILCompositor::ComposeAttribute(bool&
   // THIRD: Step backwards through animation functions to find out
   // which ones we actually care about.
   uint32_t firstFuncToCompose = GetFirstFuncToAffectSandwich();
 
   // FOURTH: Get & cache base value
   nsSMILValue sandwichResultValue;
   if (!mAnimationFunctions[firstFuncToCompose]->WillReplace()) {
     sandwichResultValue = smilAttr->GetBaseValue();
-    MOZ_ASSERT(!sandwichResultValue.IsNull(),
-               "Result of GetBaseValue should not be null");
   }
   UpdateCachedBaseValue(sandwichResultValue);
 
   if (!mForceCompositing) {
     return;
   }
 
   // FIFTH: Compose animation functions
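Review bot: With the MOZ_ASSERT gone, nothing at the GetBaseValue() call under "FOURTH" records that a null result is now an accepted outcome, so a later reader could reasonably reintroduce the assertion. Consider a one- or two-line comment there noting that GetBaseValue() can return a null nsSMILValue (the commit message gives the CSP inline-style case) and that updating style on the first sample relies on mForceCompositing having been set by GetFirstFuncToAffectSandwich() rather than by UpdateCachedBaseValue(). It is also worth confirming that the "FIFTH" compose step tolerates a null sandwichResultValue, since the visible context shows no check between UpdateCachedBaseValue(sandwichResultValue) and that step other than the mForceCompositing early return.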