[Webkit-unassigned] [Bug 138933] New: Crash when setting 'font' CSS property to 'calc(2 * 3)'

bugzilla-daemon at webkit.org
Thu Nov 20 13:41:57 PST 2014


https://bugs.webkit.org/show_bug.cgi?id=138933

            Bug ID: 138933
           Summary: Crash when setting 'font' CSS property to 'calc(2 * 3)'
    Classification: Unclassified
           Product: WebKit
           Version: 528+ (Nightly build)
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: CSS
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: cdumez at apple.com
            Blocks: 138778

Created attachment 241975
  --> https://bugs.webkit.org/attachment.cgi?id=241975&action=review
Reproduction case

Crash when setting 'font' CSS property to 'calc(2 * 3)':

ASSERTION FAILED: !m_parsedCalculation
/Users/chris/WebKit/OpenSource/Source/WebCore/css/CSSParser.cpp(10000) : bool WebCore::CSSParser::parseCalculation(WebCore::CSSParserValue *, WebCore::CalculationPermittedValueRange)
1   0x10e0129a0 WTFCrash
2   0x10f95dccb WebCore::CSSParser::parseCalculation(WebCore::CSSParserValue*, WebCore::CalculationPermittedValueRange)
3   0x10f95d929 WebCore::CSSParser::validCalculationUnit(WebCore::CSSParserValue*, WebCore::CSSParser::Units, WebCore::CSSParser::ReleaseParsedCalcValueCondition)
4   0x10f95ddbe WebCore::CSSParser::validUnit(WebCore::CSSParserValue*, WebCore::CSSParser::Units, WebCore::CSSParserMode, WebCore::CSSParser::ReleaseParsedCalcValueCondition)
5   0x10f999dc8 WebCore::CSSParser::validUnit(WebCore::CSSParserValue*, WebCore::CSSParser::Units, WebCore::CSSParser::ReleaseParsedCalcValueCondition)
6   0x10f96a4e4 WebCore::CSSParser::parseFontSize(bool)
7   0x10f976fac WebCore::CSSParser::parseFont(bool)
8   0x10f963bd5 WebCore::CSSParser::parseValue(WebCore::CSSPropertyID, bool)
9   0x10f92a333 cssyyparse(WebCore::CSSParser*)
10  0x10f95b73e WebCore::CSSParser::parseValue(WebCore::MutableStyleProperties*, WebCore::CSSPropertyID, WTF::String const&, bool, WebCore::StyleSheetContents*)
11  0x10f95a977 WebCore::CSSParser::parseValue(WebCore::MutableStyleProperties*, WebCore::CSSPropertyID, WTF::String const&, bool, WebCore::CSSParserMode, WebCore::StyleSheetContents*)
12  0x11121e5ef WebCore::MutableStyleProperties::setProperty(WebCore::CSSPropertyID, WTF::String const&, bool, WebCore::StyleSheetContents*)
13  0x110bf5feb WebCore::PropertySetCSSStyleDeclaration::setPropertyInternal(WebCore::CSSPropertyID, WTF::String const&, bool, int&)
14  0x1103e8db8 WebCore::JSCSSStyleDeclaration::putDelegate(JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&)
15  0x1103e3f69 WebCore::JSCSSStyleDeclaration::put(JSC::JSCell*, JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&)
16  0x10d9e4772 JSC::JSValue::put(JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&)
