Bug 138783

Summary: Crash when setting 'z-index' / 'flex-shrink' CSS properties to a calculated value
Product: WebKit Reporter: Chris Dumez <cdumez>
Component: CSSAssignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED    
Severity: Normal CC: commit-queue
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 138778    
Attachments:
Description Flags
Patch none

Chris Dumez
Reported 2014-11-16 16:38:26 PST
Crash when setting 'z-index' CSS property to a calculated value, e.g. 'calc(2 * 3)' Backtrace: SHOULD NEVER BE REACHED /Users/chris/WebKit/OpenSource/Source/WebCore/css/CSSPrimitiveValueMappings.h(97) : int WebCore::CSSPrimitiveValue::operator int() const 1 0x1087ac770 WTFCrash 2 0x10a22ba3d WebCore::CSSPrimitiveValue::operator int<int>() const 3 0x10a22b836 WebCore::ApplyPropertyAuto<int, &(WebCore::RenderStyle::zIndex() const), &(WebCore::RenderStyle::setZIndex(int)), &(WebCore::RenderStyle::hasAutoZIndex() const), &(WebCore::RenderStyle::setHasAutoZIndex()), (WebCore::AutoValueType)0, 269>::applyValue(WebCore::CSSPropertyID, WebCore::StyleResolver*, WebCore::CSSValue*) 4 0x10b9deaab WebCore::PropertyHandler::applyValue(WebCore::CSSPropertyID, WebCore::StyleResolver*, WebCore::CSSValue*) const 5 0x10b9ceeb8 WebCore::StyleResolver::applyProperty(WebCore::CSSPropertyID, WebCore::CSSValue*) 6 0x10b9dc7e7 WebCore::StyleResolver::CascadedProperties::Property::apply(WebCore::StyleResolver&) 7 0x10b9ce9ea WebCore::StyleResolver::applyCascadedProperties(WebCore::StyleResolver::CascadedProperties&, int, int) 8 0x10b9cd137 WebCore::StyleResolver::applyMatchedProperties(WebCore::StyleResolver::MatchResult const&, WebCore::Element const*, WebCore::StyleResolver::ShouldUseMatchedPropertiesCache) 9 0x10b9cadc3 WebCore::StyleResolver::styleForElement(WebCore::Element*, WebCore::RenderStyle*, WebCore::StyleSharingBehavior, WebCore::RuleMatchingBehavior, WebCore::RenderRegion const*) 10 0x10b9fc513 WebCore::Style::styleForElement(WebCore::Element&, WebCore::RenderStyle&) 11 0x10b9fa482 WebCore::Style::resolveLocal(WebCore::Element&, WebCore::RenderStyle&, WebCore::Style::RenderTreePosition&, WebCore::Style::Change) 12 0x10b9f7ebd WebCore::Style::resolveTree(WebCore::Element&, WebCore::RenderStyle&, WebCore::Style::RenderTreePosition&, WebCore::Style::Change) 13 0x10b9f811b WebCore::Style::resolveTree(WebCore::Element&, WebCore::RenderStyle&, WebCore::Style::RenderTreePosition&, WebCore::Style::Change) 14 0x10b9f811b WebCore::Style::resolveTree(WebCore::Element&, WebCore::RenderStyle&, WebCore::Style::RenderTreePosition&, WebCore::Style::Change) 15 0x10b9f7d78 WebCore::Style::resolveTree(WebCore::Document&, WebCore::Style::Change) 16 0x10a280516 WebCore::Document::recalcStyle(WebCore::Style::Change) 17 0x10a27c6ff WebCore::Document::updateStyleIfNeeded() 18 0x10a2769e9 WebCore::Document::styleRecalcTimerFired(WebCore::Timer&)
Attachments
Patch (7.32 KB, patch)
2014-11-18 16:23 PST, Chris Dumez 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Chris Dumez
Comment 1 2014-11-18 16:18:09 PST
*** Bug 138782 has been marked as a duplicate of this bug. ***
Chris Dumez
Comment 2 2014-11-18 16:23:20 PST
Created attachment 241828 [details] Patch
Andreas Kling
Comment 3 2014-11-18 16:38:56 PST
Comment on attachment 241828 [details] Patch r=me
WebKit Commit Bot
Comment 4 2014-11-18 18:05:26 PST
Comment on attachment 241828 [details] Patch Clearing flags on attachment: 241828 Committed r176301: <http://trac.webkit.org/changeset/176301>
WebKit Commit Bot
Comment 5 2014-11-18 18:05:32 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.