Bug 116715 - ASSERTION FAILED: type() == Percent in WebCore::Length::percent
Summary: ASSERTION FAILED: type() == Percent in WebCore::Length::percent
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Tables (show other bugs)
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Zan Dobersek
URL:
Keywords:
Depends on:
Blocks: 116980
  Show dependency treegraph
 
Reported: 2013-05-24 02:41 PDT by Renata Hodovan
Modified: 2013-08-13 03:44 PDT (History)
4 users (show)

See Also:

Attachments
Test case (146 bytes, text/html)
2013-05-24 02:41 PDT, Renata Hodovan 		no flags Details
Patch (3.74 KB, patch)
2013-08-12 09:27 PDT, Zan Dobersek 		darin: review+
Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Renata Hodovan 2013-05-24 02:41:06 PDT 
Created attachment 202795 [details]
Test case

The attached test throws an ASSERTION FAILURE in debug webkit.

The parser accepts the style definition: style="width: -webkit-calc(100% +   -100px);" what probably should not do.

#0  0x00007ffff5758c3d in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:339
#1  0x00007ffff409c4d3 in WebCore::Length::percent (this=0x7fffffffaf60) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/Length.h:139
#2  0x00007ffff484dfa9 in WebCore::AutoTableLayout::calcEffectiveLogicalWidth (this=0x8d3f90)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/AutoTableLayout.cpp:345
#3  0x00007ffff484d68e in WebCore::AutoTableLayout::computeIntrinsicLogicalWidths (this=0x8d3f90, minWidth=..., maxWidth=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/AutoTableLayout.cpp:217
#4  0x00007ffff4a15149 in WebCore::RenderTable::computeIntrinsicLogicalWidths (this=0x8d2d18, minWidth=..., maxWidth=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderTable.cpp:740
#5  0x00007ffff4a151bd in WebCore::RenderTable::computePreferredLogicalWidths (this=0x8d2d18)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderTable.cpp:749
#6  0x00007ffff4900517 in WebCore::RenderBox::maxPreferredLogicalWidth (this=0x8d2d18)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBox.cpp:861
#7  0x00007ffff4a11fde in WebCore::RenderTable::updateLogicalWidth (this=0x8d2d18)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderTable.cpp:273
#8  0x00007ffff4a12f6a in WebCore::RenderTable::layout (this=0x8d2d18) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderTable.cpp:414
#9  0x00007ffff48a3b1c in WebCore::RenderBlock::layoutBlockChild (this=0x88d4b8, child=0x8d2d18, marginInfo=..., previousFloatLogicalBottom=..., 
    maxFloatLogicalBottom=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:2621
Comment 1 Zan Dobersek 2013-07-02 00:01:49 PDT 
Length::isPercent returns true if the Length object has type of either Percent or Calculated. Length::percent asserts that the type must be Percent.

Should the assert in Length::percent (where the current crash occurs) allow the Calculated type as well?
Comment 2 Zan Dobersek 2013-07-02 00:12:27 PDT 
Bug #79621 introduced the Calculated type and started treating Length objects of that type as if having a percent value.
http://trac.webkit.org/changeset/110148
Comment 3 Zan Dobersek 2013-08-12 09:27:27 PDT 
Created attachment 208546 [details]
Patch
Comment 4 Darin Adler 2013-08-12 09:59:09 PDT 
Comment on attachment 208546 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=208546&action=review

> Source/WebCore/platform/Length.h:139
> +        ASSERT(type() == Percent || type() == Calculated);

I think it would be clearer to do:

    ASSERT(isPercent());
Comment 5 Zan Dobersek 2013-08-13 03:44:10 PDT 
Landed in r153981.
http://trac.webkit.org/changeset/153981