RESOLVED FIXED 108187
Assertion failure in RenderObject::drawLineForBoxSide 
https://bugs.webkit.org/show_bug.cgi?id=108187
Summary Assertion failure in RenderObject::drawLineForBoxSide
Renata Hodovan
Reported 2013-01-29 06:06:14 PST
During HTML fuzzing I've found the following assert: ASSERTION FAILED: y2 >= y1 /home/reni/repos/webkit2/Source/WebCore/rendering/RenderObject.cpp(1033) : void WebCore::RenderObject::drawLineForBoxSide(WebCore::GraphicsContext*, int, int, int, int, WebCore::BoxSide, WebCore::Color, WebCore::EBorderStyle, int, int, bool) Test case: <html> <body> Test for <a style="outline: solid; outline-offset: -70px;"</a>assertion. </body> </html>
Attachments
Patch (3.23 KB, patch)
2013-08-09 12:00 PDT, Rob Buis 		hyatt: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Rob Buis
Comment 1 2013-08-09 12:00:17 PDT
Created attachment 208445 [details] Patch
Darin Adler
Comment 2 2013-08-09 13:48:13 PDT
Comment on attachment 208445 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=208445&action=review > Source/WebCore/rendering/RenderInline.cpp:1479 > + if (pixelSnappedBox.isEmpty()) Is a zero-sized rect the only problematic case? What about a 1x1 rect?
Rob Buis
Comment 3 2013-08-09 15:21:39 PDT
(In reply to comment #2) > (From update of attachment 208445 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=208445&action=review > > > Source/WebCore/rendering/RenderInline.cpp:1479 > > + if (pixelSnappedBox.isEmpty()) > > Is a zero-sized rect the only problematic case? What about a 1x1 rect? I tried 1x1 size, then there is no problem since y() < maxY() (so y1 < y2) and the ASSERT will not be triggered. zero-sized rects but especially negative width/height rects are the problem here (due to the negative outline-offset).
Rob Buis
Comment 4 2013-08-14 10:01:25 PDT
Add hyatt for CC.
Dave Hyatt
Comment 5 2013-08-14 11:31:58 PDT
Comment on attachment 208445 [details] Patch r=me
Rob Buis
Comment 6 2013-08-14 12:20:00 PDT
Committed r154064: <http://trac.webkit.org/changeset/154064>
Note You need to log in before you can comment on or make changes to this bug.