RESOLVED FIXED 138933
Crash when setting 'font' CSS property to 'calc(2 * 3)' 
https://bugs.webkit.org/show_bug.cgi?id=138933
Summary Crash when setting 'font' CSS property to 'calc(2 * 3)'
Chris Dumez
Reported 2014-11-20 13:41:57 PST
Created attachment 241975 [details] Reproduction case Crash when setting 'font' CSS property to 'calc(2 * 3)': ASSERTION FAILED: !m_parsedCalculation /Users/chris/WebKit/OpenSource/Source/WebCore/css/CSSParser.cpp(10000) : bool WebCore::CSSParser::parseCalculation(WebCore::CSSParserValue *, WebCore::CalculationPermittedValueRange) 1 0x10e0129a0 WTFCrash 2 0x10f95dccb WebCore::CSSParser::parseCalculation(WebCore::CSSParserValue*, WebCore::CalculationPermittedValueRange) 3 0x10f95d929 WebCore::CSSParser::validCalculationUnit(WebCore::CSSParserValue*, WebCore::CSSParser::Units, WebCore::CSSParser::ReleaseParsedCalcValueCondition) 4 0x10f95ddbe WebCore::CSSParser::validUnit(WebCore::CSSParserValue*, WebCore::CSSParser::Units, WebCore::CSSParserMode, WebCore::CSSParser::ReleaseParsedCalcValueCondition) 5 0x10f999dc8 WebCore::CSSParser::validUnit(WebCore::CSSParserValue*, WebCore::CSSParser::Units, WebCore::CSSParser::ReleaseParsedCalcValueCondition) 6 0x10f96a4e4 WebCore::CSSParser::parseFontSize(bool) 7 0x10f976fac WebCore::CSSParser::parseFont(bool) 8 0x10f963bd5 WebCore::CSSParser::parseValue(WebCore::CSSPropertyID, bool) 9 0x10f92a333 cssyyparse(WebCore::CSSParser*) 10 0x10f95b73e WebCore::CSSParser::parseValue(WebCore::MutableStyleProperties*, WebCore::CSSPropertyID, WTF::String const&, bool, WebCore::StyleSheetContents*) 11 0x10f95a977 WebCore::CSSParser::parseValue(WebCore::MutableStyleProperties*, WebCore::CSSPropertyID, WTF::String const&, bool, WebCore::CSSParserMode, WebCore::StyleSheetContents*) 12 0x11121e5ef WebCore::MutableStyleProperties::setProperty(WebCore::CSSPropertyID, WTF::String const&, bool, WebCore::StyleSheetContents*) 13 0x110bf5feb WebCore::PropertySetCSSStyleDeclaration::setPropertyInternal(WebCore::CSSPropertyID, WTF::String const&, bool, int&) 14 0x1103e8db8 WebCore::JSCSSStyleDeclaration::putDelegate(JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&) 15 0x1103e3f69 WebCore::JSCSSStyleDeclaration::put(JSC::JSCell*, JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&) 16 0x10d9e4772 JSC::JSValue::put(JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&)
Attachments
Reproduction case (562 bytes, text/html)
2014-11-20 13:41 PST, Chris Dumez 		no flags
Details
Patch (4.40 KB, patch)
2014-11-20 15:43 PST, Chris Dumez 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Chris Dumez
Comment 1 2014-11-20 15:43:53 PST
Created attachment 241997 [details] Patch
WebKit Commit Bot
Comment 2 2014-11-21 11:00:50 PST
Comment on attachment 241997 [details] Patch Clearing flags on attachment: 241997 Committed r176454: <http://trac.webkit.org/changeset/176454>
WebKit Commit Bot
Comment 3 2014-11-21 11:00:57 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.