Bug 138783

Summary: Crash when setting 'z-index' / 'flex-shrink' CSS properties to a calculated value
Product: WebKit
Reporter: Chris Dumez <cdumez>
Component: CSS
Assignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED
Severity: Normal
CC: commit-queue
Priority: P2
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Bug Depends on:
Bug Blocks: 138778
Attachments:
Patch (Flags: none)

Description Chris Dumez 2014-11-16 16:38:26 PST
Crash when setting 'z-index' CSS property to a calculated value, e.g. 'calc(2 * 3)'

Backtrace:
SHOULD NEVER BE REACHED
/Users/chris/WebKit/OpenSource/Source/WebCore/css/CSSPrimitiveValueMappings.h(97) : int WebCore::CSSPrimitiveValue::operator int() const
1   0x1087ac770 WTFCrash
2   0x10a22ba3d WebCore::CSSPrimitiveValue::operator int<int>() const
3   0x10a22b836 WebCore::ApplyPropertyAuto<int, &(WebCore::RenderStyle::zIndex() const), &(WebCore::RenderStyle::setZIndex(int)), &(WebCore::RenderStyle::hasAutoZIndex() const), &(WebCore::RenderStyle::setHasAutoZIndex()), (WebCore::AutoValueType)0, 269>::applyValue(WebCore::CSSPropertyID, WebCore::StyleResolver*, WebCore::CSSValue*)
4   0x10b9deaab WebCore::PropertyHandler::applyValue(WebCore::CSSPropertyID, WebCore::StyleResolver*, WebCore::CSSValue*) const
5   0x10b9ceeb8 WebCore::StyleResolver::applyProperty(WebCore::CSSPropertyID, WebCore::CSSValue*)
6   0x10b9dc7e7 WebCore::StyleResolver::CascadedProperties::Property::apply(WebCore::StyleResolver&)
7   0x10b9ce9ea WebCore::StyleResolver::applyCascadedProperties(WebCore::StyleResolver::CascadedProperties&, int, int)
8   0x10b9cd137 WebCore::StyleResolver::applyMatchedProperties(WebCore::StyleResolver::MatchResult const&, WebCore::Element const*, WebCore::StyleResolver::ShouldUseMatchedPropertiesCache)
9   0x10b9cadc3 WebCore::StyleResolver::styleForElement(WebCore::Element*, WebCore::RenderStyle*, WebCore::StyleSharingBehavior, WebCore::RuleMatchingBehavior, WebCore::RenderRegion const*)
10  0x10b9fc513 WebCore::Style::styleForElement(WebCore::Element&, WebCore::RenderStyle&)
11  0x10b9fa482 WebCore::Style::resolveLocal(WebCore::Element&, WebCore::RenderStyle&, WebCore::Style::RenderTreePosition&, WebCore::Style::Change)
12  0x10b9f7ebd WebCore::Style::resolveTree(WebCore::Element&, WebCore::RenderStyle&, WebCore::Style::RenderTreePosition&, WebCore::Style::Change)
13  0x10b9f811b WebCore::Style::resolveTree(WebCore::Element&, WebCore::RenderStyle&, WebCore::Style::RenderTreePosition&, WebCore::Style::Change)
14  0x10b9f811b WebCore::Style::resolveTree(WebCore::Element&, WebCore::RenderStyle&, WebCore::Style::RenderTreePosition&, WebCore::Style::Change)
15  0x10b9f7d78 WebCore::Style::resolveTree(WebCore::Document&, WebCore::Style::Change)
16  0x10a280516 WebCore::Document::recalcStyle(WebCore::Style::Change)
17  0x10a27c6ff WebCore::Document::updateStyleIfNeeded()
18  0x10a2769e9 WebCore::Document::styleRecalcTimerFired(WebCore::Timer&)
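The backtrace above ends in a "SHOULD NEVER BE REACHED" assertion inside the int conversion of a CSS primitive value: the conversion handles plain numeric units, and a calc() value reaches a branch the author considered impossible. The following is an added, self-contained C++ model of that failure mode and of one defensive shape (every unit the parser can emit gets an explicit case); it is not WebKit code and not the patch that closed this bug, and the two-operand calc() parser and the type names are constructed for illustration.

```cpp
#include <cstdio>
#include <optional>
#include <string>

// Simplified model (not WebKit code) of a CSS primitive value that is
// either a plain number or a two-operand calc() expression.
struct CalcExpr {
    double lhs = 0, rhs = 0;
    char op = '+';  // '+', '-', '*' or '/'
    double evaluate() const {
        switch (op) {
        case '+': return lhs + rhs;
        case '-': return lhs - rhs;
        case '*': return lhs * rhs;
        case '/': return rhs == 0 ? 0 : lhs / rhs;  // constructed: avoid divide by zero
        }
        return 0;
    }
};

struct PrimitiveValue {
    enum class Unit { Number, Calc } unit = Unit::Number;
    double number = 0;
    CalcExpr calc;
};

// Constructed parser: accepts "6" or "calc(2 * 3)"; nullopt for anything else.
std::optional<PrimitiveValue> parseValue(const std::string& text) {
    PrimitiveValue v;
    if (std::sscanf(text.c_str(), "calc(%lf %c %lf)", &v.calc.lhs, &v.calc.op, &v.calc.rhs) == 3) {
        v.unit = PrimitiveValue::Unit::Calc;
        return v;
    }
    if (std::sscanf(text.c_str(), "%lf", &v.number) == 1)
        return v;
    return std::nullopt;
}

// Pre-fix shape: only the Number unit is handled; any other unit falls into
// the "SHOULD NEVER BE REACHED" branch (WTFCrash in a debug build, an
// unconverted value in release). Returns true when that branch would be hit.
bool hitsUnreachableBranch(const PrimitiveValue& v) {
    switch (v.unit) {
    case PrimitiveValue::Unit::Number: return false;
    default: return true;
    }
}

// Hardened conversion: each unit the parser can produce has an explicit case,
// so calc(2 * 3) becomes 6 instead of an assertion failure.
int toInt(const PrimitiveValue& v) {
    switch (v.unit) {
    case PrimitiveValue::Unit::Number: return static_cast<int>(v.number);
    case PrimitiveValue::Unit::Calc:   return static_cast<int>(v.calc.evaluate());
    }
    return 0;
}
```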
Comment 1 Chris Dumez 2014-11-18 16:18:09 PST
*** Bug 138782 has been marked as a duplicate of this bug. ***
Comment 2 Chris Dumez 2014-11-18 16:23:20 PST
Created attachment 241828 [details]
Patch
Comment 3 Andreas Kling 2014-11-18 16:38:56 PST
Comment on attachment 241828 [details]
Patch

r=me
Comment 4 WebKit Commit Bot 2014-11-18 18:05:26 PST
Comment on attachment 241828 [details]
Patch

Clearing flags on attachment: 241828

Committed r176301: <http://trac.webkit.org/changeset/176301>
Comment 5 WebKit Commit Bot 2014-11-18 18:05:32 PST
All reviewed patches have been landed.  Closing bug.