Bug 240677

Summary: Need to keep the document alive in KeyframeEffect::processKeyframes()
Product: WebKit Reporter: Antoine Quint <graouts>
Component: AnimationsAssignee: Antoine Quint <graouts>
Status: RESOLVED FIXED    
Severity: Normal CC: darin, dino, graouts, saam, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   

Description Antoine Quint 2022-05-19 11:32:48 PDT 
Since we use the provided Document in KeyframeEffect::processKeyframes() and it's just a reference, we should ensure it's kept alive while this method is called.
Comment 1 Antoine Quint 2022-05-19 11:33:04 PDT 
rdar://93513759
Comment 2 Antoine Quint 2022-05-19 11:41:15 PDT 
Pull request: https://github.com/WebKit/WebKit/pull/796
Comment 3 Antoine Quint 2022-05-19 11:42:53 PDT 
Landed https://commits.webkit.org/250756@main (r294497)!
Comment 4 Darin Adler 2022-05-19 12:48:45 PDT 
We are really going to have to discuss this as a team. Our overall strategy was supposed to be that callers have to ref/deref things, not that functions must protect the things they are passed. So the caller is supposed to ref/deref the document, not the processKeyframes function. But maybe that strategy is impractical, since even a Node's document is not ref'd if the Node is moved to another document?

If we do need to "protect" things then we need a discipline for knowing when it’s needed.