Bug 260220 - parent-style-relative-units.html crashes due to unhandled CSS_LHS
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: Text
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2023-08-15 14:10 PDT by Matt Woodrow
Modified: 2023-08-15 16:54 PDT
Description Matt Woodrow 2023-08-15 14:10:38 PDT
This test is setting the font size using a multiple of 'lh', and CSSPrimitiveValue::computeUnzoomedNonCalcLengthDouble doesn't handle CSS_LHS sizes.
Comment 1 Radar WebKit Bug Importer 2023-08-15 14:13:24 PDT
<rdar://problem/113927760>
Comment 2 Ben Schwartz 2023-08-15 14:15:02 PDT
Here's the bot-watcher check-in that I created, for reference.
____

imported/w3c/web-platform-tests/html/canvas/element/text/parent-style-relative-units.html

This test is a constant crash on debug builds, all platforms.

HISTORY:

https://results.webkit.org/?suite=layout-tests&test=imported%2Fw3c%2Fweb-platform-tests%2Fhtml%2Fcanvas%2Felement%2Ftext%2Fparent-style-relative-units.html

CRASH LOG / STDERR TEXT (sample):

SHOULD NEVER BE REACHED
/Volumes/Data/worker/Apple-Ventura-Debug-Build/build/Source/WebCore/css/CSSPrimitiveValue.cpp(712) : static double WebCore::CSSPrimitiveValue::computeUnzoomedNonCalcLengthDouble(WebCore::CSSUnitType, double, WebCore::CSSPropertyID, const WebCore::FontMetrics *, const WebCore::FontCascadeDescription *, const WebCore::FontCascadeDescription *, const WebCore::RenderView *)
1   0x1188e51d8 WTFCrash
2   0x1259ea380 WebCore::NetworkResourcesData::ResourceData::hasContent() const
3   0x124c86980 WebCore::CSSPrimitiveValue::computeUnzoomedNonCalcLengthDouble(WebCore::CSSUnitType, double, WebCore::CSSPropertyID, WebCore::FontMetrics const*, WebCore::FontCascadeDescription const*, WebCore::FontCascadeDescription const*, WebCore::RenderView const*)
...

CRASH LOG URL:

https://build.webkit.org/results/Apple-Ventura-Debug-AppleSilicon-WK1-Tests/266915@main%20(3181)/imported/w3c/web-platform-tests/html/canvas/element/text/parent-style-relative-units-crash-log.txt

REPRODUCIBILITY:

I was able to reproduce this bug on macOS Ventura wk2 debug ToT running the test as follows:

run-webkit-tests --debug --iterations 5 --verbose imported/w3c/web-platform-tests/html/canvas/element/text/parent-style-relative-units.html

REGRESSION:

This bug started with a WPT test import batch at 266711@main.
Comment 3 EWS 2023-08-15 14:46:11 PDT
Test gardening commit 266926@main (1705f9ac717a): <https://commits.webkit.org/266926@main>

Reviewed commits have been landed. Closing PR #16720 and removing active labels.
Comment 4 Ben Schwartz 2023-08-15 16:54:19 PDT
I have skipped this test while the issue is being investigated. (PR link: https://github.com/WebKit/WebKit/pull/16720)