RESOLVED FIXED Bug 116715
ASSERTION FAILED: type() == Percent in WebCore::Length::percent 
https://bugs.webkit.org/show_bug.cgi?id=116715
Summary ASSERTION FAILED: type() == Percent in WebCore::Length::percent
Renata Hodovan
Reported 2013-05-24 02:41:06 PDT
Created attachment 202795 [details] Test case The attached test throws an ASSERTION FAILURE in debug webkit. The parser accepts the style definition: style="width: -webkit-calc(100% + -100px);" what probably should not do. #0 0x00007ffff5758c3d in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:339 #1 0x00007ffff409c4d3 in WebCore::Length::percent (this=0x7fffffffaf60) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/Length.h:139 #2 0x00007ffff484dfa9 in WebCore::AutoTableLayout::calcEffectiveLogicalWidth (this=0x8d3f90) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/AutoTableLayout.cpp:345 #3 0x00007ffff484d68e in WebCore::AutoTableLayout::computeIntrinsicLogicalWidths (this=0x8d3f90, minWidth=..., maxWidth=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/AutoTableLayout.cpp:217 #4 0x00007ffff4a15149 in WebCore::RenderTable::computeIntrinsicLogicalWidths (this=0x8d2d18, minWidth=..., maxWidth=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderTable.cpp:740 #5 0x00007ffff4a151bd in WebCore::RenderTable::computePreferredLogicalWidths (this=0x8d2d18) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderTable.cpp:749 #6 0x00007ffff4900517 in WebCore::RenderBox::maxPreferredLogicalWidth (this=0x8d2d18) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBox.cpp:861 #7 0x00007ffff4a11fde in WebCore::RenderTable::updateLogicalWidth (this=0x8d2d18) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderTable.cpp:273 #8 0x00007ffff4a12f6a in WebCore::RenderTable::layout (this=0x8d2d18) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderTable.cpp:414 #9 0x00007ffff48a3b1c in WebCore::RenderBlock::layoutBlockChild (this=0x88d4b8, child=0x8d2d18, marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:2621
Attachments
Test case (146 bytes, text/html)
2013-05-24 02:41 PDT, Renata Hodovan 		no flags
Details
Patch (3.74 KB, patch)
2013-08-12 09:27 PDT, Zan Dobersek 		darin: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Zan Dobersek
Comment 1 2013-07-02 00:01:49 PDT
Length::isPercent returns true if the Length object has type of either Percent or Calculated. Length::percent asserts that the type must be Percent. Should the assert in Length::percent (where the current crash occurs) allow the Calculated type as well?
Zan Dobersek
Comment 2 2013-07-02 00:12:27 PDT
Bug #79621 introduced the Calculated type and started treating Length objects of that type as if having a percent value. http://trac.webkit.org/changeset/110148
Zan Dobersek
Comment 3 2013-08-12 09:27:27 PDT
Created attachment 208546 [details] Patch
Darin Adler
Comment 4 2013-08-12 09:59:09 PDT
Comment on attachment 208546 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=208546&action=review > Source/WebCore/platform/Length.h:139 > + ASSERT(type() == Percent || type() == Calculated); I think it would be clearer to do: ASSERT(isPercent());
Zan Dobersek
Comment 5 2013-08-13 03:44:10 PDT
Landed in r153981. http://trac.webkit.org/changeset/153981
Note You need to log in before you can comment on or make changes to this bug.