Source/core/animation/css/CSSAnimations.cpp - Issue 1308053002: blink: prevent bitarray overflow

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: Source/core/animation/css/CSSAnimations.cpp

Issue 1308053002: blink: prevent bitarray overflow (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master

Patch Set: Created 5 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

Index: Source/core/animation/css/CSSAnimations.cpp

diff --git a/Source/core/animation/css/CSSAnimations.cpp b/Source/core/animation/css/CSSAnimations.cpp

index 493ae473deb86d8f27baadb9b1bd3d2361ffcc19..4227168ac314ba50446175d073945ce170211694 100644

--- a/Source/core/animation/css/CSSAnimations.cpp

+++ b/Source/core/animation/css/CSSAnimations.cpp

@@ -554,10 +554,11 @@ void CSSAnimations::calculateTransitionUpdate(CSSAnimationUpdate* update, const

// If not a shorthand we only execute one iteration of this loop, and refer to the property directly.

for (unsigned j = 0; !j || j < propertyList.length(); ++j) {

CSSPropertyID id = propertyList.length() ? propertyList.properties()[j] : property;

+ ASSERT(id >= firstCSSProperty);

if (!animateAll) {

if (CSSPropertyMetadata::isInterpolableProperty(id))

- listedProperties.set(id);

+ listedProperties.set(id - firstCSSProperty);

alancutter (OOO until 2018) 2015/08/24 00:34:06 No need to subtract firstCSSProperty when you have

else

continue;

}

@@ -576,7 +577,7 @@ void CSSAnimations::calculateTransitionUpdate(CSSAnimationUpdate* update, const

if (activeTransitions) {

for (const auto& entry : *activeTransitions) {

CSSPropertyID id = entry.key;

- if (!anyTransitionHadTransitionAll && !animationStyleRecalc && !listedProperties.get(id)) {

+ if (!anyTransitionHadTransitionAll && !animationStyleRecalc && !listedProperties.get(id - firstCSSProperty)) {

// TODO: Figure out why this fails on Chrome OS login page. crbug.com/365507

// ASSERT(animation.playStateInternal() == Animation::Finished || !(elementAnimations && elementAnimations->isAnimationStyleChange()));

update->cancelTransition(id);

« no previous file with comments | « no previous file | no next file » | no next file with comments »