Fix sizes crash and add invalid value tests.
authoryoav@yoav.ws <yoav@yoav.ws@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 7 May 2015 21:22:35 +0000 (21:22 +0000)
committeryoav@yoav.ws <yoav@yoav.ws@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 7 May 2015 21:22:35 +0000 (21:22 +0000)
https://bugs.webkit.org/show_bug.cgi?id=144739

Reviewed by Darin Adler.

Source/WebCore:

Make sure that only CSS lengths are allowed when the sizes parser calls computeLength.
Also make sure that for invalid lengths, the 100vw default is used instead.

Test: fast/dom/HTMLImageElement/sizes/image-sizes-invalids.html

* css/SourceSizeList.cpp:
(WebCore::computeLength):
(WebCore::defaultLength):
(WebCore::parseSizesAttribute):

LayoutTests:

Add tests that make sure that invalid values are properly handled, and a 100vw
source-size length is being used for srcset and for intrinsic dimension calculation.

* fast/dom/HTMLImageElement/sizes/image-sizes-invalids-expected.txt: Added.
* fast/dom/HTMLImageElement/sizes/image-sizes-invalids.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@183948 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/fast/dom/HTMLImageElement/sizes/image-sizes-invalids-expected.txt [new file with mode: 0644]
LayoutTests/fast/dom/HTMLImageElement/sizes/image-sizes-invalids.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/css/SourceSizeList.cpp

index 9e73a48..e8b8303 100644 (file)
@@ -1,3 +1,16 @@
+2015-05-07  Yoav Weiss  <yoav@yoav.ws>
+
+        Fix sizes crash and add invalid value tests.
+        https://bugs.webkit.org/show_bug.cgi?id=144739
+
+        Reviewed by Darin Adler.
+
+        Add tests that make sure that invalid values are properly handled, and a 100vw
+        source-size length is being used for srcset and for intrinsic dimension calculation.
+
+        * fast/dom/HTMLImageElement/sizes/image-sizes-invalids-expected.txt: Added.
+        * fast/dom/HTMLImageElement/sizes/image-sizes-invalids.html: Added.
+
 2015-05-07  Simon Fraser  <simon.fraser@apple.com>
 
         Remove the WK1-only code path for independently composited iframes
diff --git a/LayoutTests/fast/dom/HTMLImageElement/sizes/image-sizes-invalids-expected.txt b/LayoutTests/fast/dom/HTMLImageElement/sizes/image-sizes-invalids-expected.txt
new file mode 100644 (file)
index 0000000..24e4018
--- /dev/null
@@ -0,0 +1,16 @@
+PASS document.getElementById(elementId).clientWidth is 800
+PASS currentSrcFileName(elementId) is "image-set-2x.png"
+PASS document.getElementById(elementId).clientWidth is 800
+PASS currentSrcFileName(elementId) is "image-set-2x.png"
+PASS document.getElementById(elementId).clientWidth is 800
+PASS currentSrcFileName(elementId) is "image-set-2x.png"
+PASS document.getElementById(elementId).clientWidth is 800
+PASS currentSrcFileName(elementId) is "image-set-2x.png"
+PASS document.getElementById(elementId).clientWidth is 800
+PASS currentSrcFileName(elementId) is "image-set-2x.png"
+PASS document.getElementById(elementId).clientWidth is 800
+PASS currentSrcFileName(elementId) is "image-set-2x.png"
+PASS successfullyParsed is true
+
+TEST COMPLETE
+       
diff --git a/LayoutTests/fast/dom/HTMLImageElement/sizes/image-sizes-invalids.html b/LayoutTests/fast/dom/HTMLImageElement/sizes/image-sizes-invalids.html
new file mode 100644 (file)
index 0000000..9215abc
--- /dev/null
@@ -0,0 +1,25 @@
+<!DOCTYPE html>
+<script src="../../../../resources/js-test.js"></script>
+<script src="../resources/currentSrcHelper.js"></script>
+<script>
+    if (window.testRunner)
+        testRunner.dumpAsText();
+
+    var elementId;
+    addEventListener("load", function() {
+        for (var i = 1; i < 7; ++i) {
+            elementId = "crash" + i;
+            shouldBe('document.getElementById(elementId).clientWidth', '800');
+            shouldBe('currentSrcFileName(elementId)', '"image-set-2x.png"');
+        }
+    }, false);
+</script>
+<!-- crash tests -->
+<img id="crash1" sizes="1q" srcset="../../../hidpi/resources/image-set-2x.png 800w, ../resources/image-set-4x.png 16000w">
+<img id="crash1" sizes="1pxllll" srcset="../../../hidpi/resources/image-set-2x.png 800w, ../resources/image-set-4x.png 16000w">
+<img id="crash2" sizes="1dfsdf4534fddd" srcset="../../../hidpi/resources/image-set-2x.png 800w, ../resources/image-set-4x.png 16000w">
+<img id="crash3" sizes="calc()" srcset="../../../hidpi/resources/image-set-2x.png 800w, ../resources/image-set-4x.png 16000w">
+<img id="crash4" sizes="calc(3q)" srcset="../../../hidpi/resources/image-set-2x.png 800w, ../resources/image-set-4x.png 16000w">
+<img id="crash4" sizes="calcssdff()" srcset="../../../hidpi/resources/image-set-2x.png 800w, ../resources/image-set-4x.png 16000w">
+<img id="crash5" sizes="calc(2px+dfmjbsf,,,skidkk)" srcset="../../../hidpi/resources/image-set-2x.png 800w, ../resources/image-set-4x.png 16000w">
+<img id="crash6" sizes="calc(2px+dfmjbsf,,,skidkk) + 2px, 56px" srcset="../../../hidpi/resources/image-set-2x.png 800w, ../resources/image-set-4x.png 16000w">
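Review bot: The ids `crash1` and `crash4` are each used on two `<img>` elements, so `document.getElementById(elementId)` in the load handler only resolves the first of each pair. The `sizes="1pxllll"` and `sizes="calcssdff()"` inputs are still parsed, so a crash on them would presumably still fail the test, but their fallback width and selected source are never asserted. Giving the duplicates unique ids, e.g. `id="crash7"` and `id="crash8"`, and raising the loop bound to `i < 9` would cover all eight inputs. image-sizes-invalids-expected.txt would then need four more PASS lines.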
index 28b2de3..aca981d 100644 (file)
@@ -1,3 +1,20 @@
+2015-05-07  Yoav Weiss  <yoav@yoav.ws>
+
+        Fix sizes crash and add invalid value tests.
+        https://bugs.webkit.org/show_bug.cgi?id=144739
+
+        Reviewed by Darin Adler.
+
+        Make sure that only CSS length are allowed when the sizes parser is calling computeLength.
+        Also make sure that for invalid lengths, the 100vw default is used instead.
+
+        Test: fast/dom/HTMLImageElement/sizes/image-sizes-invalids.html
+
+        * css/SourceSizeList.cpp:
+        (WebCore::computeLength):
+        (WebCore::defaultLength):
+        (WebCore::parseSizesAttribute):
+
 2015-05-07  Michael Catanzaro  <mcatanzaro@igalia.com>
 
         [GTK] Checks for DEVELOPMENT_BUILD are all wrong
index 62487a9..65691ff 100644 (file)
@@ -56,16 +56,25 @@ static bool match(std::unique_ptr<MediaQueryExp>&& expression, RenderStyle& styl
     return mediaQueryEvaluator.eval(mediaQuerySet.get());
 }
 
+static unsigned defaultLength(RenderStyle& style, RenderView* view)
+{
+    return CSSPrimitiveValue::create(100, CSSPrimitiveValue::CSS_VW)->computeLength<unsigned>(CSSToLengthConversionData(&style, &style, view));
+}
+
 static unsigned computeLength(CSSValue* value, RenderStyle& style, RenderView* view)
 {
     CSSToLengthConversionData conversionData(&style, &style, view);
-    if (is<CSSPrimitiveValue>(value))
-        return downcast<CSSPrimitiveValue>(*value).computeLength<unsigned>(conversionData);
+    if (is<CSSPrimitiveValue>(value)) {
+        CSSPrimitiveValue& primitiveValue = downcast<CSSPrimitiveValue>(*value);
+        if (!primitiveValue.isLength())
+            return defaultLength(style, view);
+        return primitiveValue.computeLength<unsigned>(conversionData);
+    }
     if (is<CSSCalcValue>(value)) {
         Length length(downcast<CSSCalcValue>(*value).createCalculationValue(conversionData));
         return CSSPrimitiveValue::create(length, &style)->computeLength<unsigned>(conversionData);
     }
-    return 0;
+    return defaultLength(style, view);
 }
 
 unsigned parseSizesAttribute(StringView sizesAttribute, RenderView* view, Frame* frame)
@@ -77,7 +86,7 @@ unsigned parseSizesAttribute(StringView sizesAttribute, RenderView* view, Frame*
         if (match(WTF::move(sourceSize.expression), style, frame))
             return computeLength(sourceSize.length.get(), style, view);
     }
-    return computeLength(CSSPrimitiveValue::create(100, CSSPrimitiveValue::CSS_VW).ptr(), style, view);
+    return defaultLength(style, view);
 }
 
 #endif