Issue 684234

Issue metadata

Status: Fixed
Owner:
Closed: Jan 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 2
Type: Bug-Regression



Check failed: m_cssValue when animating custom property with neutral keyframe

Project Member Reported by alancutter@chromium.org, Jan 24 2017

Issue description

Test case:
<div id="target"></div>
<script>
CSS.registerProperty({name: '--x'});
target.animate({'--x': 'test'}, 1);
getComputedStyle(target).getPropertyValue('--x');
</script>



Crash:
[1:1:0124/133510.048339:1825476545854:FATAL:CSSValueInterpolationType.cpp(31)] Check failed: m_cssValue.
 
#0 0x7f586b30e90e base::debug::StackTrace::StackTrace()
#1 0x7f586b332e0b logging::LogMessage::~LogMessage()
#2 0x7f5866beda5f blink::CSSValueNonInterpolableValue::create()
#3 0x7f5866bed925 blink::CSSValueInterpolationType::maybeConvertValue()
#4 0x7f5866bd6f9c blink::CSSInterpolationType::maybeConvertUnderlyingValue()
#5 0x7f5866c03354 blink::InvalidatableInterpolation::maybeConvertUnderlyingValue()
#6 0x7f5866c04025 blink::InvalidatableInterpolation::applyStack()
#7 0x7f5866dceeec blink::StyleResolver::applyAnimatedProperties<>()
#8 0x7f5866dcdde7 blink::StyleResolver::applyCustomProperties()
#9 0x7f5866dcabe5 blink::StyleResolver::applyMatchedPropertiesAndCustomPropertyAnimations()
#10 0x7f5866dca5a1 blink::StyleResolver::styleForElement()


This only repros with experimental features enabled.
 
Project Member

Comment 1 by bugdroid1@chromium.org, Jan 25 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/f2ec8922cbe5f632a937cf242faf5f23c0d1b3ff

commit f2ec8922cbe5f632a937cf242faf5f23c0d1b3ff
Author: alancutter <alancutter@chromium.org>
Date: Wed Jan 25 06:21:50 2017

Add null check to animations for registered custom property initial values

After a recent change to CSSInterpolationType for registered custom properties
it was assumed that all registered custom properties had initial CSSValues.
This is not the case and null derefs were reachable. This patch fixes up
the false assumption.

BUG= 684234 

Review-Url: https://codereview.chromium.org/2649863006
Cr-Commit-Position: refs/heads/master@{#445969}

[add] https://crrev.com/f2ec8922cbe5f632a937cf242faf5f23c0d1b3ff/third_party/WebKit/LayoutTests/animations/custom-properties/empty-initial-value-crash.html
[modify] https://crrev.com/f2ec8922cbe5f632a937cf242faf5f23c0d1b3ff/third_party/WebKit/Source/core/animation/CSSInterpolationType.cpp

Project Member

Comment 2 by bugdroid1@chromium.org, Jan 25 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/af23a0c634f77c940bc54aea0c92880c1f3c4e6c

commit af23a0c634f77c940bc54aea0c92880c1f3c4e6c
Author: sigbjornf <sigbjornf@opera.com>
Date: Wed Jan 25 11:12:45 2017

Revert of Add null check to animations for registered custom property initial values (patchset #2 id:20001 of https://codereview.chromium.org/2649863006/ )

Reason for revert:
This goes together with the revert https://codereview.chromium.org/2649103008/ ; looks like the two CLs didn't match up,

 https://build.chromium.org/p/chromium.webkit/builders/WebKit%20Mac10.10/builds/29275

(Hope the double revert doesn't cause too much work.)

Original issue's description:
> Add null check to animations for registered custom property initial values
>
> After a recent change to CSSInterpolationType for registered custom properties
> it was assumed that all registered custom properties had initial CSSValues.
> This is not the case and null derefs were reachable. This patch fixes up
> the false assumption.
>
> BUG= 684234 
>
> Review-Url: https://codereview.chromium.org/2649863006
> Cr-Commit-Position: refs/heads/master@{#445969}
> Committed: https://chromium.googlesource.com/chromium/src/+/f2ec8922cbe5f632a937cf242faf5f23c0d1b3ff

TBR=ericwilligers@chromium.org,alancutter@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG= 684234 

Review-Url: https://codereview.chromium.org/2650403002
Cr-Commit-Position: refs/heads/master@{#445996}

[delete] https://crrev.com/5fba2166ddb709508371545bdb88a9c87929615d/third_party/WebKit/LayoutTests/animations/custom-properties/empty-initial-value-crash.html
[modify] https://crrev.com/af23a0c634f77c940bc54aea0c92880c1f3c4e6c/third_party/WebKit/Source/core/animation/CSSInterpolationType.cpp

Project Member

Comment 3 by bugdroid1@chromium.org, Jan 30 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/1f1de2e98a13bae871ef18de230ec8ff45965eaf

commit 1f1de2e98a13bae871ef18de230ec8ff45965eaf
Author: alancutter <alancutter@chromium.org>
Date: Mon Jan 30 22:47:30 2017

Add null check to animations for registered custom property initial values

After a recent change to CSSInterpolationType for registered custom properties
it was assumed that all registered custom properties had initial CSSValues.
This is not the case and null derefs were reachable. This patch fixes up
the false assumption.

BUG= 684234 , 685472 

Review-Url: https://codereview.chromium.org/2649863006
Cr-Original-Commit-Position: refs/heads/master@{#445969}
Committed: https://chromium.googlesource.com/chromium/src/+/f2ec8922cbe5f632a937cf242faf5f23c0d1b3ff
Review-Url: https://codereview.chromium.org/2649863006
Cr-Commit-Position: refs/heads/master@{#447095}

[add] https://crrev.com/1f1de2e98a13bae871ef18de230ec8ff45965eaf/third_party/WebKit/LayoutTests/animations/custom-properties/empty-initial-value-crash.html
[modify] https://crrev.com/1f1de2e98a13bae871ef18de230ec8ff45965eaf/third_party/WebKit/Source/core/animation/CSSInterpolationType.cpp

Status: Fixed (was: Started)
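
The commit message above attributes the crash to a false assumption that every registered custom property has an initial value. The following C++ model is an added illustration, not the Chromium patch or any Blink code; all of its types and function names are hypothetical, and it shows only the unchecked lookup next to a null-checked one.

```cpp
// Simplified model of the bug class. All names are hypothetical, not Blink's.
#include <cstdio>
#include <map>
#include <memory>
#include <string>

struct Value { std::string text; };
typedef std::shared_ptr<const Value> ValuePtr;

// Registering a property without an initial value leaves `initial` null.
struct Registration { ValuePtr initial; };
typedef std::map<std::string, Registration> Registry;
typedef std::map<std::string, ValuePtr> Style;

ValuePtr make_value(const std::string& text) {
  return ValuePtr(new Value{text});
}

// What a neutral keyframe animates from: the element's own value if it has
// one, otherwise the registered initial value, which may be null.
ValuePtr underlying_value(const Style& style, const Registry& registry,
                          const std::string& name) {
  Style::const_iterator s = style.find(name);
  if (s != style.end() && s->second) return s->second;
  Registry::const_iterator r = registry.find(name);
  return r != registry.end() ? r->second.initial : ValuePtr();
}

// Unchecked form (the false assumption) would be:
//   return underlying_value(style, registry, name)->text;  // null deref
// Checked form: report "nothing to convert" and let the caller skip it.
bool convert_underlying(const Style& style, const Registry& registry,
                        const std::string& name, std::string* out) {
  ValuePtr v = underlying_value(style, registry, name);
  if (!v) return false;
  *out = v->text;
  return true;
}

int main() {
  Registry registry;
  registry["--x"] = Registration();  // constructed case: no initial value
  std::string out;
  bool ok = convert_underlying(Style(), registry, "--x", &out);
  std::printf("converted=%d\n", ok);
  return 0;
}
```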
