[Webkit-unassigned] [Bug 63737] New: More clamps needed in CSSStyleSelector.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Jun 30 10:37:27 PDT 2011 

https://bugs.webkit.org/show_bug.cgi?id=63737

           Summary: More clamps needed in CSSStyleSelector.
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: CSS
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: inferno at chromium.org
                CC: darin at apple.com, simon.fraser at apple.com


Luke, you might be interested since you have been working on adding the clamping stuff. I added these asserts which are now proving useful.

Testcase::
<summary  style="margin-top: Number.MAX_VALUEturn;font-size: 9999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999em; role="NWg">

ASSERTION FAILED: isfinite(s)
WebCore::FontDescription::setSpecifiedSize
WebCore::CSSStyleSelector::setFontSize
WebCore::CSSStyleSelector::applyProperty
WebCore::CSSStyleSelector::applyDeclarations<1>
WebCore::CSSStyleSelector::styleForElement
WebCore::Node::styleForRenderer
(Not security since we are clamping computedSize properly, this only happens for specified size)

Testcase2::
<style>
    body:nth-of-type(even) {

 -webkit-marquee-increment: 1105000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000105000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000105000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000105000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000px 105000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000105000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000;

ASSERTION FAILED: isfinite(num)
WebCore::CSSPrimitiveValue::CSSPrimitiveValue
WebCore::CSSPrimitiveValue::create
WebCore::CSSPrimitiveValueCache::createValue
WebCore::CSSParser::createPrimitiveNumericValue
WebCore::CSSParser::parseValidPrimitive
WebCore::CSSParser::parseValue

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list