[Webkit-unassigned] [Bug 176151] Crash in WebCore::CalculationValue::evaluate

bugzilla-daemon at webkit.org
Fri Oct 19 08:33:02 PDT 2018


https://bugs.webkit.org/show_bug.cgi?id=176151

--- Comment #4 from Michael Catanzaro <mcatanzaro at igalia.com> ---
The Length class is way more complicated than it needs to be. There are a bunch of different LengthTypes:

enum LengthType {
    Auto, Relative, Percent, Fixed,
    Intrinsic, MinIntrinsic,
    MinContent, MaxContent, FillAvailable, FitContent,
    Calculated,
    Undefined
};

Calling calculationValue() for a non-Calculated length is illegal and would result in an assert in debug mode. That's what's happening here. So some higher level code is badly misusing the Length.

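Added example, not part of the original comment and not WebKit's code: a simplified C++ model of a tagged length type, showing the precondition on calculationValue() that the comment describes and a caller that checks the type tag first. Only the LengthType enum and the calculationValue() name come from the comment; CalculationValue's fields, resolveLength() and the other members are assumptions made for illustration.

```cpp
#include <cassert>
#include <memory>

// Simplified model for illustration only; not WebKit's actual Length class.
enum LengthType {
    Auto, Relative, Percent, Fixed, Intrinsic, MinIntrinsic,
    MinContent, MaxContent, FillAvailable, FitContent, Calculated, Undefined
};

// Hypothetical stand-in for a calc() expression: a percentage of the maximum plus an offset.
struct CalculationValue {
    float percent;
    float offset;
    float evaluate(float maxValue) const { return maxValue * percent / 100.0f + offset; }
};

class Length {
public:
    Length(LengthType type, float value) : m_type(type), m_value(value) { assert(type != Calculated); }
    explicit Length(std::shared_ptr<CalculationValue> calc)
        : m_type(Calculated), m_calc(std::move(calc)) { }

    LengthType type() const { return m_type; }
    bool isCalculated() const { return m_type == Calculated; }
    float value() const { assert(!isCalculated()); return m_value; }

    // Precondition: isCalculated(). A debug build stops at the assert; with NDEBUG the
    // check is compiled out and a non-Calculated Length dereferences a null m_calc
    // (undefined behaviour, typically a crash).
    const CalculationValue& calculationValue() const { assert(isCalculated()); return *m_calc; }

private:
    LengthType m_type;
    float m_value { 0 };
    std::shared_ptr<CalculationValue> m_calc; // Non-null only when m_type == Calculated.
};

// Caller-side pattern: dispatch on the type tag before touching the payload.
// Returns false for types that cannot be resolved without layout context.
bool resolveLength(const Length& length, float maxValue, float& result)
{
    switch (length.type()) {
    case Fixed:      result = length.value(); return true;
    case Percent:    result = maxValue * length.value() / 100.0f; return true;
    case Calculated: result = length.calculationValue().evaluate(maxValue); return true;
    default:         return false; // Auto, intrinsic keywords, Undefined, ...
    }
}
```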