Bug 260220

Summary: parent-style-relative-units.html crashes due to unhandled CSS_LHS
Product: WebKit
Reporter: Matt Woodrow <mattwoodrow>
Component: Text
Assignee: Nobody <webkit-unassigned>
Status: NEW
Severity: Normal
CC: ben_schwartz, mmaxfield, webkit-bot-watchers-bugzilla, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified

Description Matt Woodrow 2023-08-15 14:10:38 PDT
This test is setting the font size using a multiple of 'lh', and CSSPrimitiveValue::computeUnzoomedNonCalcLengthDouble doesn't handle CSS_LHS sizes.
Comment 1 Radar WebKit Bug Importer 2023-08-15 14:13:24 PDT
<rdar://problem/113927760>
Comment 2 Ben Schwartz 2023-08-15 14:15:02 PDT
Here's the bot-watcher check-in that I created, for reference.
____

imported/w3c/web-platform-tests/html/canvas/element/text/parent-style-relative-units.html

This test is a constant crash on debug builds, all platforms.

HISTORY:

https://results.webkit.org/?suite=layout-tests&test=imported%2Fw3c%2Fweb-platform-tests%2Fhtml%2Fcanvas%2Felement%2Ftext%2Fparent-style-relative-units.html

CRASH LOG / STDERR TEXT (sample):

SHOULD NEVER BE REACHED
/Volumes/Data/worker/Apple-Ventura-Debug-Build/build/Source/WebCore/css/CSSPrimitiveValue.cpp(712) : static double WebCore::CSSPrimitiveValue::computeUnzoomedNonCalcLengthDouble(WebCore::CSSUnitType, double, WebCore::CSSPropertyID, const WebCore::FontMetrics *, const WebCore::FontCascadeDescription *, const WebCore::FontCascadeDescription *, const WebCore::RenderView *)
1   0x1188e51d8 WTFCrash
2   0x1259ea380 WebCore::NetworkResourcesData::ResourceData::hasContent() const
3   0x124c86980 WebCore::CSSPrimitiveValue::computeUnzoomedNonCalcLengthDouble(WebCore::CSSUnitType, double, WebCore::CSSPropertyID, WebCore::FontMetrics const*, WebCore::FontCascadeDescription const*, WebCore::FontCascadeDescription const*, WebCore::RenderView const*)
...

CRASH LOG URL:

https://build.webkit.org/results/Apple-Ventura-Debug-AppleSilicon-WK1-Tests/266915@main%20(3181)/imported/w3c/web-platform-tests/html/canvas/element/text/parent-style-relative-units-crash-log.txt

REPRODUCIBILITY:

I was able to reproduce this bug on macOS Ventura wk2 debug ToT running the test as follows:

run-webkit-tests --debug --iterations 5 --verbose imported/w3c/web-platform-tests/html/canvas/element/text/parent-style-relative-units.html

REGRESSION:

This bug started with a WPT test import batch at 266711@main.
Comment 3 EWS 2023-08-15 14:46:11 PDT
Test gardening commit 266926@main (1705f9ac717a): <https://commits.webkit.org/266926@main>

Reviewed commits have been landed. Closing PR #16720 and removing active labels.
Comment 4 Ben Schwartz 2023-08-15 16:54:19 PDT
I have skipped this test while the issue is being investigated. (PR link: https://github.com/WebKit/WebKit/pull/16720)