138933 2014-11-20 13:41:57 -0800 Crash when setting 'font' CSS property to 'calc(2 * 3)' 2014-11-21 11:00:57 -0800 1 1 1 Unclassified WebKit CSS 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED P2 Normal --- 138778 1 cdumez cdumez benjamin commit-queue darin kling koivisto sam oldest_to_newest 1050225 0 241975 cdumez 2014-11-20 13:41:57 -0800 Created attachment 241975 Reproduction case Crash when setting 'font' CSS property to 'calc(2 * 3)': ASSERTION FAILED: !m_parsedCalculation /Users/chris/WebKit/OpenSource/Source/WebCore/css/CSSParser.cpp(10000) : bool WebCore::CSSParser::parseCalculation(WebCore::CSSParserValue *, WebCore::CalculationPermittedValueRange) 1 0x10e0129a0 WTFCrash 2 0x10f95dccb WebCore::CSSParser::parseCalculation(WebCore::CSSParserValue*, WebCore::CalculationPermittedValueRange) 3 0x10f95d929 WebCore::CSSParser::validCalculationUnit(WebCore::CSSParserValue*, WebCore::CSSParser::Units, WebCore::CSSParser::ReleaseParsedCalcValueCondition) 4 0x10f95ddbe WebCore::CSSParser::validUnit(WebCore::CSSParserValue*, WebCore::CSSParser::Units, WebCore::CSSParserMode, WebCore::CSSParser::ReleaseParsedCalcValueCondition) 5 0x10f999dc8 WebCore::CSSParser::validUnit(WebCore::CSSParserValue*, WebCore::CSSParser::Units, WebCore::CSSParser::ReleaseParsedCalcValueCondition) 6 0x10f96a4e4 WebCore::CSSParser::parseFontSize(bool) 7 0x10f976fac WebCore::CSSParser::parseFont(bool) 8 0x10f963bd5 WebCore::CSSParser::parseValue(WebCore::CSSPropertyID, bool) 9 0x10f92a333 cssyyparse(WebCore::CSSParser*) 10 0x10f95b73e WebCore::CSSParser::parseValue(WebCore::MutableStyleProperties*, WebCore::CSSPropertyID, WTF::String const&, bool, WebCore::StyleSheetContents*) 11 0x10f95a977 WebCore::CSSParser::parseValue(WebCore::MutableStyleProperties*, WebCore::CSSPropertyID, WTF::String const&, bool, WebCore::CSSParserMode, WebCore::StyleSheetContents*) 12 0x11121e5ef WebCore::MutableStyleProperties::setProperty(WebCore::CSSPropertyID, WTF::String const&, bool, WebCore::StyleSheetContents*) 13 0x110bf5feb WebCore::PropertySetCSSStyleDeclaration::setPropertyInternal(WebCore::CSSPropertyID, WTF::String const&, bool, int&) 14 0x1103e8db8 WebCore::JSCSSStyleDeclaration::putDelegate(JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&) 15 0x1103e3f69 WebCore::JSCSSStyleDeclaration::put(JSC::JSCell*, JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&) 16 0x10d9e4772 JSC::JSValue::put(JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&) 1050292 1 241997 cdumez 2014-11-20 15:43:53 -0800 Created attachment 241997 Patch 1050502 2 241997 commit-queue 2014-11-21 11:00:50 -0800 Comment on attachment 241997 Patch Clearing flags on attachment: 241997 Committed r176454: <http://trac.webkit.org/changeset/176454> 1050503 3 commit-queue 2014-11-21 11:00:57 -0800 All reviewed patches have been landed. Closing bug. 241975 2014-11-20 13:41:57 -0800 2014-11-20 13:41:57 -0800 Reproduction case font-calculated-value.html text/html 562 cdumez PCFET0NUWVBFIGh0bWw+Cjxib2R5Pgo8c2NyaXB0IHNyYz0iLi4vLi4vcmVzb3VyY2VzL2pzLXRl c3QtcHJlLmpzIj48L3NjcmlwdD4KPGRpdiBpZD0idGVzdERpdiIiPjwvZGl2Pgo8c2NyaXB0Pgpk ZXNjcmlwdGlvbigiVGVzdHMgYXNzaWduaW5nIGEgY2FsY3VsYXRlZCB2YWx1ZSB0byAnZm9udCcg Q1NTIHByb3BlcnR5LiIpOwoKdmFyIHRlc3REaXYgPSBkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgi dGVzdERpdiIpOwoKc2hvdWxkQmVFbXB0eVN0cmluZygidGVzdERpdi5zdHlsZVsnZm9udCddIik7 CmV2YWxBbmRMb2coInRlc3REaXYuc3R5bGVbJ2ZvbnQnXSA9ICdjYWxjKDIgKiAzKSciKTsKc2hv dWxkQmVFcXVhbFRvU3RyaW5nKCJ0ZXN0RGl2LnN0eWxlWydmb250J10iLCAiY2FsYyg2KSIpOwpz aG91bGRCZUVxdWFsVG9TdHJpbmcoIndpbmRvdy5nZXRDb21wdXRlZFN0eWxlKHRlc3REaXYpLmdl dFByb3BlcnR5VmFsdWUoJ2ZvbnQnKSIsICI2Iik7Cgo8L3NjcmlwdD4KPHNjcmlwdCBzcmM9Ii4u Ly4uL3Jlc291cmNlcy9qcy10ZXN0LXBvc3QuanMiPjwvc2NyaXB0Pgo8L2JvZHk+Cg== 241997 2014-11-20 15:43:53 -0800 2014-11-21 11:00:50 -0800 Patch bug-138933-20141120154408.patch text/plain 4505 cdumez U3VidmVyc2lvbiBSZXZpc2lvbjogMTc2NDA4CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggNjYyYzU0YTdlMjRmYWE0 ZTg5ZTUxYWM1ZWY3Y2RjMmQ3ZGYzNGZkMi4uMjRmNGVhOGFhZWU2ZmZmZWU2Njg3NGJkMmQwNzgy YjU3ZjQ5NjJkZSAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDIyIEBACisyMDE0LTExLTIwICBDaHJp cyBEdW1leiAgPGNkdW1lekBhcHBsZS5jb20+CisKKyAgICAgICAgQ3Jhc2ggd2hlbiBzZXR0aW5n ICdmb250JyBDU1MgcHJvcGVydHkgdG8gJ2NhbGMoMiAqIDMpJworICAgICAgICBodHRwczovL2J1 Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTM4OTMzCisKKyAgICAgICAgUmV2aWV3ZWQg YnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgVGhlIENTUyBQYXJzZXIgd2FzIG5vdCBoYW5k bGluZyBjYWxjdWxhdGVkIHZhbHVlcyB3aGVuIHBhcnNpbmcgdGhlIGZvbnQKKyAgICAgICAgd2Vp Z2h0LiBUaGlzIHdvdWxkIGxlYWQgdXMgdG8gaGl0IGFuIGFzc2VydGlvbiB3aGVuIHBhcnNpbmcg YSBmb250CisgICAgICAgIHByb3BlcnR5IHdob3NlIHdlaWdodCBpcyBzZXQgdG8gYSBjYWxjdWxh dGVkIHZhbHVlLgorCisgICAgICAgIFRoaXMgcGF0Y2ggdXBkYXRlcyBwYXJzZUZvbnRXZWlnaHQo KSB0byBwcm9wZXJseSBoYW5kbGUgY2FsY3VsYXRlZAorICAgICAgICB2YWx1ZXMuCisKKyAgICAg ICAgVGVzdDogZmFzdC9jc3MvZm9udC1jYWxjdWxhdGVkLXZhbHVlLmh0bWwKKworICAgICAgICAq IGNzcy9DU1NQYXJzZXIuY3BwOgorICAgICAgICAoV2ViQ29yZTo6Q1NTUGFyc2VyOjpwYXJzZUZv bnRXZWlnaHQpOgorCiAyMDE0LTExLTE5ICBBZGEgQ2hhbiAgPGFkYWNoYW5AYXBwbGUuY29tPgog CiAgICAgICAgIEFkZCBhIHdheSB0byBtdXRlIGFuIEF1ZGlvQ29udGV4dC4KZGlmZiAtLWdpdCBh L1NvdXJjZS9XZWJDb3JlL2Nzcy9DU1NQYXJzZXIuY3BwIGIvU291cmNlL1dlYkNvcmUvY3NzL0NT U1BhcnNlci5jcHAKaW5kZXggYzE0MmM2MzIxMGFmN2QzNWQyZTEwNTllZjhhMzg3YzczYjI0OTA4 MC4uOWVjMjE3ODk0OTkxZDEzZjNlYTY4NDY1NDA1Y2Q4MWY0ZmQzYmI2YiAxMDA2NDQKLS0tIGEv U291cmNlL1dlYkNvcmUvY3NzL0NTU1BhcnNlci5jcHAKKysrIGIvU291cmNlL1dlYkNvcmUvY3Nz L0NTU1BhcnNlci5jcHAKQEAgLTY0NDgsNyArNjQ0OCw3IEBAIGJvb2wgQ1NTUGFyc2VyOjpwYXJz ZUZvbnRXZWlnaHQoYm9vbCBpbXBvcnRhbnQpCiAgICAgICAgIHJldHVybiB0cnVlOwogICAgIH0K ICAgICBpZiAodmFsaWRVbml0KHZhbHVlLCBGSW50ZWdlciB8IEZOb25OZWcsIENTU1F1aXJrc01v ZGUpKSB7Ci0gICAgICAgIGludCB3ZWlnaHQgPSBzdGF0aWNfY2FzdDxpbnQ+KHZhbHVlLT5mVmFs dWUpOworICAgICAgICBpbnQgd2VpZ2h0ID0gc3RhdGljX2Nhc3Q8aW50PihwYXJzZWREb3VibGUo dmFsdWUsIFJlbGVhc2VQYXJzZWRDYWxjVmFsdWUpKTsKICAgICAgICAgaWYgKCEod2VpZ2h0ICUg MTAwKSAmJiB3ZWlnaHQgPj0gMTAwICYmIHdlaWdodCA8PSA5MDApIHsKICAgICAgICAgICAgIGFk ZFByb3BlcnR5KENTU1Byb3BlcnR5Rm9udFdlaWdodCwgY3NzVmFsdWVQb29sKCkuY3JlYXRlSWRl bnRpZmllclZhbHVlKGNyZWF0ZUZvbnRXZWlnaHRWYWx1ZUtleXdvcmQod2VpZ2h0KSksIGltcG9y dGFudCk7CiAgICAgICAgICAgICByZXR1cm4gdHJ1ZTsKZGlmZiAtLWdpdCBhL0xheW91dFRlc3Rz L0NoYW5nZUxvZyBiL0xheW91dFRlc3RzL0NoYW5nZUxvZwppbmRleCBlNmZjMTM0NGJmYWRlOWUx N2RkNWZjNjM5MjcwZGFjOGJmZDlmZTkyLi5hYjRhYzRjMTVjYzU0MTQxNTFjMGVmMDVkNjMxYWZl NWM0NGY0NTA4IDEwMDY0NAotLS0gYS9MYXlvdXRUZXN0cy9DaGFuZ2VMb2cKKysrIGIvTGF5b3V0 VGVzdHMvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTcgQEAKKzIwMTQtMTEtMjAgIENocmlzIER1bWV6 ICA8Y2R1bWV6QGFwcGxlLmNvbT4KKworICAgICAgICBDcmFzaCB3aGVuIHNldHRpbmcgJ2ZvbnQn IENTUyBwcm9wZXJ0eSB0byAnY2FsYygyICogMyknCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJr aXQub3JnL3Nob3dfYnVnLmNnaT9pZD0xMzg5MzMKKworICAgICAgICBSZXZpZXdlZCBieSBOT0JP RFkgKE9PUFMhKS4KKworICAgICAgICBBZGQgYSBsYXlvdXQgdGVzdCB0byBjb3ZlciB0aGUgY2Fz ZSB3aGVyZSB0aGUgJ2ZvbnQnIENTUyBwcm9wZXJ0eSBpcworICAgICAgICBzZXQgdG8gYSB2YWx1 ZSB3aG9zZSB3ZWlnaHQgaXMgYSBjYWxjdWxhdGVkIHZhbHVlLCB0byBtYWtlIHN1cmUgaXQKKyAg ICAgICAgZG9lcyBub3QgY3Jhc2ggYW5kIGJlaGF2ZXMgYXMgaW50ZW5kZWQuCisKKyAgICAgICAg KiBmYXN0L2Nzcy9mb250LWNhbGN1bGF0ZWQtdmFsdWUtZXhwZWN0ZWQudHh0OiBBZGRlZC4KKyAg ICAgICAgKiBmYXN0L2Nzcy9mb250LWNhbGN1bGF0ZWQtdmFsdWUuaHRtbDogQWRkZWQuCisKIDIw MTQtMTEtMjAgIEVyaWMgQ2FybHNvbiAgPGVyaWMuY2FybHNvbkBhcHBsZS5jb20+CiAKICAgICAg ICAgVXBkYXRlIG1lZGlhL3RyYWNrL3RyYWNrLWluLWJhbmQtY3Vlcy1hZGRlZC1vbmNlLmh0bWwg dG8gbWFrZSBmYWlsdXJlcyBlYXNpZXIgdG8gZGlhZ25vc2UKZGlmZiAtLWdpdCBhL0xheW91dFRl c3RzL2Zhc3QvY3NzL2ZvbnQtY2FsY3VsYXRlZC12YWx1ZS1leHBlY3RlZC50eHQgYi9MYXlvdXRU ZXN0cy9mYXN0L2Nzcy9mb250LWNhbGN1bGF0ZWQtdmFsdWUtZXhwZWN0ZWQudHh0Cm5ldyBmaWxl IG1vZGUgMTAwNjQ0CmluZGV4IDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw MDAuLjJiN2JmNTVjYzM1ZDMxNDNmMjNlMDk1Mjk1OTRkODlkY2U3MjVlYjUKLS0tIC9kZXYvbnVs bAorKysgYi9MYXlvdXRUZXN0cy9mYXN0L2Nzcy9mb250LWNhbGN1bGF0ZWQtdmFsdWUtZXhwZWN0 ZWQudHh0CkBAIC0wLDAgKzEsMTMgQEAKK1Rlc3RzIGFzc2lnbmluZyBhIGNhbGN1bGF0ZWQgdmFs dWUgdG8gJ2ZvbnQnIENTUyBwcm9wZXJ0eS4KKworT24gc3VjY2VzcywgeW91IHdpbGwgc2VlIGEg c2VyaWVzIG9mICJQQVNTIiBtZXNzYWdlcywgZm9sbG93ZWQgYnkgIlRFU1QgQ09NUExFVEUiLgor CisKK1BBU1MgdGVzdERpdi5zdHlsZVsnZm9udCddIGlzICIiCit0ZXN0RGl2LnN0eWxlWydmb250 J10gPSAnaXRhbGljIHNtYWxsLWNhcHMgY2FsYygxMDAgKiA5KSAxMnB4IGFyaWFsJworUEFTUyB0 ZXN0RGl2LnN0eWxlWydmb250J10gaXMgIml0YWxpYyBzbWFsbC1jYXBzIDkwMCAxMnB4IGFyaWFs IgorUEFTUyB3aW5kb3cuZ2V0Q29tcHV0ZWRTdHlsZSh0ZXN0RGl2KS5nZXRQcm9wZXJ0eVZhbHVl KCdmb250JykgaXMgIml0YWxpYyBzbWFsbC1jYXBzIDkwMCAxMnB4L25vcm1hbCBhcmlhbCIKK1BB U1Mgc3VjY2Vzc2Z1bGx5UGFyc2VkIGlzIHRydWUKKworVEVTVCBDT01QTEVURQorCmRpZmYgLS1n aXQgYS9MYXlvdXRUZXN0cy9mYXN0L2Nzcy9mb250LWNhbGN1bGF0ZWQtdmFsdWUuaHRtbCBiL0xh eW91dFRlc3RzL2Zhc3QvY3NzL2ZvbnQtY2FsY3VsYXRlZC12YWx1ZS5odG1sCm5ldyBmaWxlIG1v ZGUgMTAwNjQ0CmluZGV4IDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAu LmZjYjY1OTg0NzEzMjk2NTBmYTNhYjY5MTBhZWVlYTE3NTkwYjMzOTAKLS0tIC9kZXYvbnVsbAor KysgYi9MYXlvdXRUZXN0cy9mYXN0L2Nzcy9mb250LWNhbGN1bGF0ZWQtdmFsdWUuaHRtbApAQCAt MCwwICsxLDE3IEBACis8IURPQ1RZUEUgaHRtbD4KKzxib2R5PgorPHNjcmlwdCBzcmM9Ii4uLy4u L3Jlc291cmNlcy9qcy10ZXN0LXByZS5qcyI+PC9zY3JpcHQ+Cis8ZGl2IGlkPSJ0ZXN0RGl2IiI+ PC9kaXY+Cis8c2NyaXB0PgorZGVzY3JpcHRpb24oIlRlc3RzIGFzc2lnbmluZyBhIGNhbGN1bGF0 ZWQgdmFsdWUgdG8gJ2ZvbnQnIENTUyBwcm9wZXJ0eS4iKTsKKwordmFyIHRlc3REaXYgPSBkb2N1 bWVudC5nZXRFbGVtZW50QnlJZCgidGVzdERpdiIpOworCitzaG91bGRCZUVtcHR5U3RyaW5nKCJ0 ZXN0RGl2LnN0eWxlWydmb250J10iKTsKK2V2YWxBbmRMb2coInRlc3REaXYuc3R5bGVbJ2ZvbnQn XSA9ICdpdGFsaWMgc21hbGwtY2FwcyBjYWxjKDEwMCAqIDkpIDEycHggYXJpYWwnIik7CitzaG91 bGRCZUVxdWFsVG9TdHJpbmcoInRlc3REaXYuc3R5bGVbJ2ZvbnQnXSIsICJpdGFsaWMgc21hbGwt Y2FwcyA5MDAgMTJweCBhcmlhbCIpOworc2hvdWxkQmVFcXVhbFRvU3RyaW5nKCJ3aW5kb3cuZ2V0 Q29tcHV0ZWRTdHlsZSh0ZXN0RGl2KS5nZXRQcm9wZXJ0eVZhbHVlKCdmb250JykiLCAiaXRhbGlj IHNtYWxsLWNhcHMgOTAwIDEycHgvbm9ybWFsIGFyaWFsIik7CisKKzwvc2NyaXB0PgorPHNjcmlw dCBzcmM9Ii4uLy4uL3Jlc291cmNlcy9qcy10ZXN0LXBvc3QuanMiPjwvc2NyaXB0PgorPC9ib2R5 Pgo=