[Webkit-unassigned] [Bug 159412] Using dpi unit in sizes attribute raises SIGSEGV

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Jul 11 07:43:55 PDT 2016


https://bugs.webkit.org/show_bug.cgi?id=159412

--- Comment #9 from Darin Adler <darin at apple.com> ---
I am not sure the patch is OK. Seems a bit sloppy to turn any invalid value into CSS_UNKNOWN.

What is the correct behavior when this kind of invalid value is specified for a source size? Should it be a parsing error? Should the size be silently omitted from the parsed result?

I looked at the original code before I fixed the storage leak. As far as I can tell, that original code still had the same issue. In the old code a null pointer dereference would happen inside the computeLength function in the SourceSizeList.cpp file.

https://trac.webkit.org/browser/trunk/Source/WebCore/css/SourceSizeList.cpp?rev=176719

Assuming that we want to silently ignore the single size, I think the cleanest way to write the sourceSize function would be to have it return Optional<CSSParser::SourceSize> and return no source size at all when the value is invalid, rather than using a size with a CSS_UNKNOWN primitive value in it.

The call site in CSSGrammar.y.in could just not append a size in that case.

But I am not sure what the desired behavior is in this error case.

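The two result shapes discussed in this comment, as an added example that is not WebKit code and not part of the original thread: a sentinel-style parse that always hands back a size (with a null length standing in for the CSS_UNKNOWN case) next to the Optional-returning shape, where the list builder simply skips an invalid entry so that a later length computation never sees a value it cannot resolve. Every type, function name and the tiny unit grammar here (px, em, vw only; dpi rejected because it is not a length) is a hypothetical stand-in for CSSParser::SourceSize, sourceSize() and computeLength(), not their real signatures.

```cpp
// Added example, not WebKit code. Hypothetical stand-ins for
// CSSParser::SourceSize / sourceSize() / computeLength().
#include <cctype>
#include <cstddef>
#include <iostream>
#include <memory>
#include <optional>
#include <string>
#include <vector>

enum class Unit { Px, Em, Vw };

struct LengthValue {
    Unit unit;
    double number;
};

// A parsed source size. In the sentinel shape `length` may be null.
struct SourceSize {
    std::shared_ptr<LengthValue> length;
};

// Length units accepted for a source size; dpi (a resolution unit) is absent.
static std::optional<Unit> unitFromSuffix(const std::string& s) {
    if (s == "px") return Unit::Px;
    if (s == "em") return Unit::Em;
    if (s == "vw") return Unit::Vw;
    return std::nullopt;
}

// Parse "<number><unit>"; anything else is rejected.
static std::optional<LengthValue> parseLength(const std::string& token) {
    size_t i = 0;
    while (i < token.size() && (std::isdigit(static_cast<unsigned char>(token[i])) || token[i] == '.'))
        ++i;
    if (i == 0 || i == token.size()) return std::nullopt;
    auto unit = unitFromSuffix(token.substr(i));
    if (!unit) return std::nullopt;
    return LengthValue{*unit, std::stod(token.substr(0, i))};
}

// Sentinel shape: invalid input still yields a SourceSize, with a null length
// that every consumer must remember to check.
static SourceSize sourceSizeWithSentinel(const std::string& token) {
    auto len = parseLength(token);
    if (!len) return SourceSize{nullptr};
    return SourceSize{std::make_shared<LengthValue>(*len)};
}

// Optional shape: invalid input yields no size at all.
static std::optional<SourceSize> sourceSizeOptional(const std::string& token) {
    auto len = parseLength(token);
    if (!len) return std::nullopt;
    return SourceSize{std::make_shared<LengthValue>(*len)};
}

static std::string trim(const std::string& s) {
    size_t b = s.find_first_not_of(" \t\n");
    if (b == std::string::npos) return "";
    size_t e = s.find_last_not_of(" \t\n");
    return s.substr(b, e - b + 1);
}

// Call site in the Optional shape: an invalid entry is simply not appended,
// so the list only ever holds sizes with a non-null length.
static std::vector<SourceSize> parseSourceSizeList(const std::string& attr) {
    std::vector<SourceSize> sizes;
    size_t start = 0;
    while (start <= attr.size()) {
        size_t comma = attr.find(',', start);
        size_t count = comma == std::string::npos ? std::string::npos : comma - start;
        std::string token = trim(attr.substr(start, count));
        if (auto size = sourceSizeOptional(token)) sizes.push_back(*size);
        if (comma == std::string::npos) break;
        start = comma + 1;
    }
    return sizes;
}

// Resolves a size to pixels. It dereferences `length` unconditionally, which is
// safe only because parseSourceSizeList never stores a sentinel.
static double computeLength(const SourceSize& size, double viewportWidthPx, double emPx) {
    const LengthValue& v = *size.length;
    switch (v.unit) {
    case Unit::Px: return v.number;
    case Unit::Em: return v.number * emPx;
    case Unit::Vw: return v.number * viewportWidthPx / 100.0;
    }
    return 0.0;
}

static std::vector<double> resolvedLengths(const std::string& attr, double viewportWidthPx, double emPx) {
    std::vector<double> out;
    for (const auto& size : parseSourceSizeList(attr))
        out.push_back(computeLength(size, viewportWidthPx, emPx));
    return out;
}

int main() {
    // Constructed sample sizes attribute: the first entry uses the dpi unit.
    for (double px : resolvedLengths("100dpi, 50vw, 20em", 800.0, 16.0))
        std::cout << px << " px\n";
    return 0;
}
```

With the sentinel shape, `sourceSizeWithSentinel("100dpi")` returns a size whose `length` is null, and any consumer written like `computeLength` above would dereference it; with the Optional shape the invalid entry never reaches the list, so the same consumer needs no null check at all.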