Bug 138933

Summary: Crash when setting 'font' CSS property to 'calc(2 * 3)'
Product: WebKit Reporter: Chris Dumez <cdumez>
Component: CSSAssignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED    
Severity: Normal CC: benjamin, commit-queue, darin, kling, koivisto, sam
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 138778    
Attachments:
Description Flags
Reproduction case
none
Patch none

Description Chris Dumez 2014-11-20 13:41:57 PST 
Created attachment 241975 [details]
Reproduction case

Crash when setting 'font' CSS property to 'calc(2 * 3)':

ASSERTION FAILED: !m_parsedCalculation
/Users/chris/WebKit/OpenSource/Source/WebCore/css/CSSParser.cpp(10000) : bool WebCore::CSSParser::parseCalculation(WebCore::CSSParserValue *, WebCore::CalculationPermittedValueRange)
1   0x10e0129a0 WTFCrash
2   0x10f95dccb WebCore::CSSParser::parseCalculation(WebCore::CSSParserValue*, WebCore::CalculationPermittedValueRange)
3   0x10f95d929 WebCore::CSSParser::validCalculationUnit(WebCore::CSSParserValue*, WebCore::CSSParser::Units, WebCore::CSSParser::ReleaseParsedCalcValueCondition)
4   0x10f95ddbe WebCore::CSSParser::validUnit(WebCore::CSSParserValue*, WebCore::CSSParser::Units, WebCore::CSSParserMode, WebCore::CSSParser::ReleaseParsedCalcValueCondition)
5   0x10f999dc8 WebCore::CSSParser::validUnit(WebCore::CSSParserValue*, WebCore::CSSParser::Units, WebCore::CSSParser::ReleaseParsedCalcValueCondition)
6   0x10f96a4e4 WebCore::CSSParser::parseFontSize(bool)
7   0x10f976fac WebCore::CSSParser::parseFont(bool)
8   0x10f963bd5 WebCore::CSSParser::parseValue(WebCore::CSSPropertyID, bool)
9   0x10f92a333 cssyyparse(WebCore::CSSParser*)
10  0x10f95b73e WebCore::CSSParser::parseValue(WebCore::MutableStyleProperties*, WebCore::CSSPropertyID, WTF::String const&, bool, WebCore::StyleSheetContents*)
11  0x10f95a977 WebCore::CSSParser::parseValue(WebCore::MutableStyleProperties*, WebCore::CSSPropertyID, WTF::String const&, bool, WebCore::CSSParserMode, WebCore::StyleSheetContents*)
12  0x11121e5ef WebCore::MutableStyleProperties::setProperty(WebCore::CSSPropertyID, WTF::String const&, bool, WebCore::StyleSheetContents*)
13  0x110bf5feb WebCore::PropertySetCSSStyleDeclaration::setPropertyInternal(WebCore::CSSPropertyID, WTF::String const&, bool, int&)
14  0x1103e8db8 WebCore::JSCSSStyleDeclaration::putDelegate(JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&)
15  0x1103e3f69 WebCore::JSCSSStyleDeclaration::put(JSC::JSCell*, JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&)
16  0x10d9e4772 JSC::JSValue::put(JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&)
Comment 1 Chris Dumez 2014-11-20 15:43:53 PST 
Created attachment 241997 [details]
Patch
Comment 2 WebKit Commit Bot 2014-11-21 11:00:50 PST 
Comment on attachment 241997 [details]
Patch

Clearing flags on attachment: 241997

Committed r176454: <http://trac.webkit.org/changeset/176454>
Comment 3 WebKit Commit Bot 2014-11-21 11:00:57 PST 
All reviewed patches have been landed.  Closing bug.