Bug 130542 - Inline style allows numbers with scientific notations without further checking: assert!
Summary: Inline style allows numbers with scientific notations without further checkin...
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: CSS
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-03-20 15:54 PDT by Dirk Schulze
Modified: 2014-03-20 19:15 PDT

See Also:

Attachments
Example - assertion (99 bytes, text/html)
2014-03-20 15:54 PDT, Dirk Schulze
no flags

Description Dirk Schulze 2014-03-20 15:54:29 PDT
Created attachment 227349
Example - assertion

The parsing for setting inline style with JS seems to differ from markup parsing. The following is interpreted as a number with scientific notation: 2e500

The numbers seem not to be checked for overflow:

document.getElementsByTagName('div')[0].style.marginTop = '2e500px';

causes an ASSERT:

ASSERTION FAILED: std::isfinite(num)
CSSPrimitiveValue.cpp(259) : WebCore::CSSPrimitiveValue::CSSPrimitiveValue(double, WebCore::CSSPrimitiveValue::UnitTypes)
1   0x1059f0a30 WTFCrash
2   0x107548bec WebCore::CSSPrimitiveValue::CSSPrimitiveValue(double, WebCore::CSSPrimitiveValue::UnitTypes)
3   0x107548af5 WebCore::CSSPrimitiveValue::CSSPrimitiveValue(double, WebCore::CSSPrimitiveValue::UnitTypes)
4   0x10744e5d1 WebCore::CSSPrimitiveValue::create(double, WebCore::CSSPrimitiveValue::UnitTypes)
5   0x107593c94 WebCore::CSSValuePool::createValue(double, WebCore::CSSPrimitiveValue::UnitTypes)
6   0x1074edef5 WebCore::parseSimpleLengthValue(WebCore::MutableStyleProperties*, WebCore::CSSPropertyID, WTF::String const&, bool, WebCore::CSSParserMode)
7   0x1074edbd0 WebCore::CSSParser::parseValue(WebCore::MutableStyleProperties*, WebCore::CSSPropertyID, WTF::String const&, bool, WebCore::CSSParserMode, WebCore::StyleSheetContents*)
8   0x108db260f WebCore::MutableStyleProperties::setProperty(WebCore::CSSPropertyID, WTF::String const&, bool, WebCore::StyleSheetContents*)
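As an added example (not WebKit code), a minimal JavaScript length parser in the spirit of the parseSimpleLengthValue frame in the trace, with the finiteness check the report says is missing: an exponent that overflows to Infinity, such as 2e500px, becomes an ordinary parse failure instead of reaching a CSSPrimitiveValue constructor that asserts std::isfinite. The function name and the accepted unit list are assumptions.

```javascript
// Added example, not WebKit code: a fast-path "simple length" parser that
// accepts the CSS <number> grammar (optional sign, digits, optional fraction,
// optional exponent) followed by an optional unit. The unit list is a
// constructed subset chosen for illustration.
const SIMPLE_LENGTH = /^\s*([+-]?(?:\d+\.?\d*|\.\d+)(?:[eE][+-]?\d+)?)(px|em|rem|%)?\s*$/;

// Returns { value, unit } for an acceptable length, or null when the input
// must be rejected: bad syntax, a unitless non-zero number, or a number that
// is syntactically valid but not representable as a finite double.
function parseSimpleLength(input) {
  const m = SIMPLE_LENGTH.exec(input);
  if (!m) return null;

  const value = parseFloat(m[1]);
  const unit = m[2] || null;

  // The check the report describes as missing: "2e500" matches the <number>
  // grammar, but parseFloat (like strtod) returns Infinity for it. Rejecting
  // non-finite values here keeps the invariant std::isfinite(num) that the
  // value constructor asserts, so the assertion can never be reached from
  // attacker-controlled style strings.
  if (!Number.isFinite(value)) return null;

  // Unitless lengths are only valid for zero ("0" is equivalent to "0px").
  if (unit === null && value !== 0) return null;

  return { value, unit: unit || 'px' };
}
```

The same check belongs in every code path that turns a parsed number into a value object, since the report notes that the markup parser and the inline-style parser behaved differently.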
Comment 1 Antonio Gomes 2014-03-20 19:15:23 PDT
Duplicate of bug 127361?