Bug 138933 - Crash when setting 'font' CSS property to 'calc(2 * 3)'
Summary: Crash when setting 'font' CSS property to 'calc(2 * 3)'
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: CSS
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Chris Dumez
Blocks: 138778
Reported: 2014-11-20 13:41 PST by Chris Dumez
Modified: 2014-11-21 11:00 PST

Attachments
Reproduction case (562 bytes, text/html), 2014-11-20 13:41 PST, Chris Dumez
Patch (4.40 KB, patch), 2014-11-20 15:43 PST, Chris Dumez

Description Chris Dumez 2014-11-20 13:41:57 PST
Created attachment 241975
Reproduction case

Crash when setting 'font' CSS property to 'calc(2 * 3)':

ASSERTION FAILED: !m_parsedCalculation
/Users/chris/WebKit/OpenSource/Source/WebCore/css/CSSParser.cpp(10000) : bool WebCore::CSSParser::parseCalculation(WebCore::CSSParserValue *, WebCore::CalculationPermittedValueRange)
1   0x10e0129a0 WTFCrash
2   0x10f95dccb WebCore::CSSParser::parseCalculation(WebCore::CSSParserValue*, WebCore::CalculationPermittedValueRange)
3   0x10f95d929 WebCore::CSSParser::validCalculationUnit(WebCore::CSSParserValue*, WebCore::CSSParser::Units, WebCore::CSSParser::ReleaseParsedCalcValueCondition)
4   0x10f95ddbe WebCore::CSSParser::validUnit(WebCore::CSSParserValue*, WebCore::CSSParser::Units, WebCore::CSSParserMode, WebCore::CSSParser::ReleaseParsedCalcValueCondition)
5   0x10f999dc8 WebCore::CSSParser::validUnit(WebCore::CSSParserValue*, WebCore::CSSParser::Units, WebCore::CSSParser::ReleaseParsedCalcValueCondition)
6   0x10f96a4e4 WebCore::CSSParser::parseFontSize(bool)
7   0x10f976fac WebCore::CSSParser::parseFont(bool)
8   0x10f963bd5 WebCore::CSSParser::parseValue(WebCore::CSSPropertyID, bool)
9   0x10f92a333 cssyyparse(WebCore::CSSParser*)
10  0x10f95b73e WebCore::CSSParser::parseValue(WebCore::MutableStyleProperties*, WebCore::CSSPropertyID, WTF::String const&, bool, WebCore::StyleSheetContents*)
11  0x10f95a977 WebCore::CSSParser::parseValue(WebCore::MutableStyleProperties*, WebCore::CSSPropertyID, WTF::String const&, bool, WebCore::CSSParserMode, WebCore::StyleSheetContents*)
12  0x11121e5ef WebCore::MutableStyleProperties::setProperty(WebCore::CSSPropertyID, WTF::String const&, bool, WebCore::StyleSheetContents*)
13  0x110bf5feb WebCore::PropertySetCSSStyleDeclaration::setPropertyInternal(WebCore::CSSPropertyID, WTF::String const&, bool, int&)
14  0x1103e8db8 WebCore::JSCSSStyleDeclaration::putDelegate(JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&)
15  0x1103e3f69 WebCore::JSCSSStyleDeclaration::put(JSC::JSCell*, JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&)
16  0x10d9e4772 JSC::JSValue::put(JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&)
Comment 1 Chris Dumez 2014-11-20 15:43:53 PST
Created attachment 241997
Patch
Comment 2 WebKit Commit Bot 2014-11-21 11:00:50 PST
Comment on attachment 241997
Patch

Clearing flags on attachment: 241997

Committed r176454: <http://trac.webkit.org/changeset/176454>
Comment 3 WebKit Commit Bot 2014-11-21 11:00:57 PST
All reviewed patches have been landed. Closing bug.