[Webkit-unassigned] [Bug 66291] New: CSSPrimitiveValue::computeLengthDouble assumes fontMetrics are available

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Aug 16 04:25:49 PDT 2011 

https://bugs.webkit.org/show_bug.cgi?id=66291

           Summary: CSSPrimitiveValue::computeLengthDouble assumes
                    fontMetrics are available
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Windows Vista
            Status: NEW
          Severity: Normal
          Priority: P1
         Component: CSS
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: skylined at chromium.org
                CC: eric at webkit.org


Created an attachment (id=104023)
 --> (https://bugs.webkit.org/attachment.cgi?id=104023&action=review)
Repro

Repro:
<script>
  oContext2d=document.getCSSCanvasContext("2d","",0);
  oContext2d.font="small-caps.0ex G";
</script>

double CSSPrimitiveValue::computeLengthDouble(RenderStyle* style, RenderStyle* rootStyle, double multiplier, bool computingFontSize)
{
<<<snip>>>
    switch (type) {
<<<snip>>>
        case CSS_EXS:
            // FIXME: We have a bug right now where the zoom will be applied twice to EX units.
            // We really need to compute EX using fontMetrics for the original specifiedSize and not use
            // our actual constructed rendering font.
            applyZoomMultiplier = false;
            factor = style->fontMetrics().xHeight();
            break;

There is no font list (yet), leading to an ASSERT and NULL ptr here:

inline const SimpleFontData* Font::primaryFont() const
{
    ASSERT(m_fontList);
    return m_fontList->primarySimpleFontData(this);
}

id:             chrome.dll!WebCore::RenderStyle::fontMetrics ReadAV at NULL (73a53e2ce303ee898f439c13af2ceffd)
description:    Attempt to read from unallocated NULL pointer+0x30 in chrome.dll!WebCore::RenderStyle::fontMetrics
stack:          chrome.dll!WebCore::RenderStyle::fontMetrics
                chrome.dll!WebCore::CSSPrimitiveValue::computeLengthDouble
                chrome.dll!WebCore::CSSPrimitiveValue::computeLength<...>
                chrome.dll!WebCore::CSSStyleSelector::applyProperty
                chrome.dll!WebCore::CSSStyleSelector::applyProperty
                chrome.dll!WebCore::CSSStyleSelector::applyPropertyToStyle
                chrome.dll!WebCore::CanvasRenderingContext2D::setFont
                chrome.dll!WebCore::CanvasRenderingContext2DInternal::fontAttrSetter
                chrome.dll!v8::internal::JSObject::SetPropertyWithCallback
                chrome.dll!v8::internal::JSObject::SetPropertyForResult
                chrome.dll!v8::internal::JSReceiver::SetProperty
                chrome.dll!v8::internal::StoreIC::Store
                chrome.dll!v8::internal::StoreIC_Miss
                ...

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list