RESOLVED FIXED 19964
divide by zero crash in RenderBox::calculateBackgroundSize with 0,0 bmp background image 
https://bugs.webkit.org/show_bug.cgi?id=19964
Summary divide by zero crash in RenderBox::calculateBackgroundSize with 0,0 bmp backg...
Alexander Mohr
Reported 2008-07-09 11:33:27 PDT
there's a divide by zero crash in RenderBox::calculateBackgroundSize when you load a 0,0 bmp as the background image and specify -khtml-background-size It crashes on: w = bg->imageSize(this, style()->effectiveZoom()).width() * h / bg->imageSize(this, style()->effectiveZoom()).height(); since bg->imageSize returns 0,0
Attachments
sample 0,0 bitmap (60 bytes, image/bmp)
2008-07-09 11:35 PDT, Alexander Mohr 		no flags
Details
page that links to 0,0 bitmap bugfile that causes crash (205 bytes, text/html)
2008-07-09 11:43 PDT, Alexander Mohr 		no flags
Details
Proposed fix (4.86 KB, patch)
2008-07-25 13:19 PDT, Chris Brichford 		chrisb: review-
DetailsFormatted DiffDiff
New patch for bug 19964 (3.47 KB, patch)
2008-08-06 08:33 PDT, Mihnea Ovidenie 		darin: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Alexander Mohr
Comment 1 2008-07-09 11:35:35 PDT
Created attachment 22187 [details] sample 0,0 bitmap
Alexander Mohr
Comment 2 2008-07-09 11:43:46 PDT
Created attachment 22188 [details] page that links to 0,0 bitmap bugfile that causes crash
Chris Brichford
Comment 3 2008-07-25 10:32:30 PDT
I suspect change set 31981 introduced this bug when it removed the following statements from RenderBox::imageChanged: if (!image || !image->canRender(style()->effectiveZoom()) || !parent() || !view()) return; canRender will return false if the image is zero width or zero height. If we take the early out in RenderBox::imageChanged we never call calculateBackgroundSize, which assumes that any background images have non-zero height.
Chris Brichford
Comment 4 2008-07-25 13:19:52 PDT
Created attachment 22479 [details] Proposed fix Proposed fix, including LayoutTest.
Chris Brichford
Comment 5 2008-07-25 18:11:51 PDT
My fix is busted. Breaks rendering of broken images.
Mihnea Ovidenie
Comment 6 2008-08-06 08:33:25 PDT
Created attachment 22681 [details] New patch for bug 19964
Darin Adler
Comment 7 2008-08-21 17:45:20 PDT
Comment on attachment 22681 [details] New patch for bug 19964 + * ChangeLog: The ChangeLog itself shouldn't be listed in the ChangeLog. We need a ChangeLog for the LayoutTests directory too, not just WebCore. Otherwise this patch looks good. I'm going to say review+ but having no patch for LayoutTests does add work for whoever commits the patch.
Mihnea Ovidenie
Comment 8 2008-08-22 01:28:53 PDT
Hello, Can you please explain me what did you mean by having no patch for LayoutTests? The patch i submitted included a test for the problem itself: "LayoutTests/css3/khtml-background-size-0x0-bmp.html" and the needed bitmap for the test. If more tests are needed for the patch to land in the trunk, please tell me and i will be glad to do it. Regards, Mihnea Ovidenie > (From update of attachment 22681 [details] [edit]) > + * ChangeLog: > > The ChangeLog itself shouldn't be listed in the ChangeLog. > > We need a ChangeLog for the LayoutTests directory too, not just WebCore. > > Otherwise this patch looks good. I'm going to say review+ but having no patch > for LayoutTests does add work for whoever commits the patch. >
Mark Rowe (bdash)
Comment 9 2008-09-02 23:23:22 PDT
Landed in r36047. Mihnea, what Darin meant is that you did not include a ChangeLog entry for your changes inside LayoutTests. I added one when I landed the change, but in the future you should include one with your patches.
Note You need to log in before you can comment on or make changes to this bug.