ASSERTION FAILED: !length.isUndefined() in WebCore::GridLength::GridLength
authorsvillar@igalia.com <svillar@igalia.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 26 Feb 2015 10:58:15 +0000 (10:58 +0000)
committersvillar@igalia.com <svillar@igalia.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 26 Feb 2015 10:58:15 +0000 (10:58 +0000)
commit753fe168087c53f96bf773fa71c8ce66a910554a
tree4791400174d77c1ed79ba9ed6ee5e15aef92a2fe
parent793ee9067c2ae3631e57bbf3f77ec962ec4470f7
ASSERTION FAILED: !length.isUndefined() in WebCore::GridLength::GridLength
https://bugs.webkit.org/show_bug.cgi?id=141645

Reviewed by Chris Dumez.

Source/WebCore:

This bug has been here since r110484 but was uncovered by
r180140. The problem r110484 was trying to fix was that
CSSPrimitiveValue::convertToLength<Length> ended up calling
CSSPrimitiveValue::computeLengthDouble() which was apparently
dereferencing conversionData.style() and
conversionData.rootStyle() pointers without checking them. That's
why that fix added this condition to convertToLength():

isFontRelativeLength() && (!conversionData.style() || !conversionData.rootStyle())

which is not correct, because for the 4 possible font relative
length types, 3 of them just use the style() pointer and the other
one just uses rootStyle() which BTW could be NULL. This erroneous
condition makes that function to return Length(Undefined) more
often than it should.

From now on it only returns Length(Undefined) if the style()
pointer is NULL and the font relative length type is one in the
set (CSS_EMS, CSS_EXS, CSS_CHS);

Test: fast/css-grid-layout/grid-with-relative-font-length-crash.html

* css/CSSPrimitiveValue.h:
* css/CSSPrimitiveValueMappings.h:
(WebCore::CSSPrimitiveValue::convertingToLengthRequiresNonNullStyle):
(WebCore::CSSPrimitiveValue::convertToLength):

LayoutTests:

* fast/css-grid-layout/grid-with-relative-font-length-crash-expected.txt: Added.
* fast/css-grid-layout/grid-with-relative-font-length-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@180669 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/fast/css-grid-layout/grid-with-relative-font-length-crash-expected.txt [new file with mode: 0644]
LayoutTests/fast/css-grid-layout/grid-with-relative-font-length-crash.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/css/CSSPrimitiveValue.h
Source/WebCore/css/CSSPrimitiveValueMappings.h