ASSERTION FAILED: columnCount in WebCore::CSSParser::parseGridTemplateAreasRow
author jfernandez@igalia.com <jfernandez@igalia.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 25 Sep 2014 14:50:12 +0000 (14:50 +0000)
committer jfernandez@igalia.com <jfernandez@igalia.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 25 Sep 2014 14:50:12 +0000 (14:50 +0000)
https://bugs.webkit.org/show_bug.cgi?id=136945

Reviewed by Sergio Villar Senin.

Source/WebCore:

Checking out whether the grid-template-areas value contains a white-space only
string, which is not valid as it does not produce a cell token.

Test: fast/css-grid-layout/grid-template-areas-empty-string-crash.html

* css/CSSParser.cpp:
(WebCore::CSSParser::parseGridTemplateAreasRow):

LayoutTests:

Testing the different types of white-space only strings for the grid-template-areas
property, which is not valid as it does not produce a cell token.

* fast/css-grid-layout/grid-template-areas-empty-string-crash-expected.txt: Added.
* fast/css-grid-layout/grid-template-areas-empty-string-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@173965 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/fast/css-grid-layout/grid-template-areas-empty-string-crash-expected.txt [new file with mode: 0644]
LayoutTests/fast/css-grid-layout/grid-template-areas-empty-string-crash.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/css/CSSParser.cpp

index 5d0a731..f3a83d6 100644 (file)
@@ -1,3 +1,16 @@
+2014-09-25  Javier Fernandez  <jfernandez@igalia.com>
+
+        ASSERTION FAILED: columnCount in WebCore::CSSParser::parseGridTemplateAreasRow
+        https://bugs.webkit.org/show_bug.cgi?id=136945
+
+        Reviewed by Sergio Villar Senin.
+
+        Testing the different types of white-space only strings for the grid-template-areas
+        property, which is not valid as it does not produce a cell token.
+
+        * fast/css-grid-layout/grid-template-areas-empty-string-crash-expected.txt: Added.
+        * fast/css-grid-layout/grid-template-areas-empty-string-crash.html: Added.
+
 2014-09-25  Lorenzo Tilve  <ltilve@igalia.com>
 
         [GTK] Unreviewed GTK gardening.
diff --git a/LayoutTests/fast/css-grid-layout/grid-template-areas-empty-string-crash-expected.txt b/LayoutTests/fast/css-grid-layout/grid-template-areas-empty-string-crash-expected.txt
new file mode 100644 (file)
index 0000000..0fc8c5a
--- /dev/null
@@ -0,0 +1,5 @@
+webkit.org/b/136945 - ASSERTION FAILED: columnCount in WebCore::CSSParser::parseGridTemplateAreasRow
+
+This test has PASSED if it doesn't CRASH.
+
+
diff --git a/LayoutTests/fast/css-grid-layout/grid-template-areas-empty-string-crash.html b/LayoutTests/fast/css-grid-layout/grid-template-areas-empty-string-crash.html
new file mode 100644 (file)
index 0000000..3769808
--- /dev/null
@@ -0,0 +1,37 @@
+<!DOCTYPE html>
+<html
+<head>
+<link href="resources/grid.css" rel="stylesheet">
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText();
+</script>
+<style>
+.space {
+    -webkit-grid-template-areas: "\0020";
+}
+.tab {
+    -webkit-grid-template-areas: "\0009";
+}
+.lineFeed {
+    -webkit-grid-template-areas: "\000A";
+}
+.carriageReturn {
+    -webkit-grid-template-areas: "\000D";
+}
+.formFeed {
+    -webkit-grid-template-areas: "\000C";
+}
+.multipleSpace {
+    -webkit-grid-template-areas: "    ";
+}
+</style>
+</head>
+<p>webkit.org/b/136945 - ASSERTION FAILED: columnCount in WebCore::CSSParser::parseGridTemplateAreasRow</p>
+<p>This test has PASSED if it doesn't CRASH.</p>
+<div class="grid space"></div>
+<div class="grid tab"></div>
+<div class="grid lineFeed"></div>
+<div class="grid carriageReturn"></div>
+<div class="grid formFeed"></div>
+<div class="grid multipleSpace"></div>
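Review bot: the `<html` opening tag on the second line of the new test is missing its closing `>`, so the `<head>` that follows is swallowed into that tag. The HTML parser recovers and the stylesheet and style block still apply, but the line should read `<html>`, and the file also never opens `<body>` or closes `</html>`. On coverage, all six classes set a value made of a single whitespace-only string; consider adding a case that puts a whitespace-only string after a valid row (for example `"a" " "`) so the rejection is exercised on a later row as well as the first one.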
index d7e4993..fab4344 100644 (file)
@@ -1,3 +1,18 @@
+2014-09-25  Javier Fernandez  <jfernandez@igalia.com>
+
+        ASSERTION FAILED: columnCount in WebCore::CSSParser::parseGridTemplateAreasRow
+        https://bugs.webkit.org/show_bug.cgi?id=136945
+
+        Reviewed by Sergio Villar Senin.
+
+        Checking out whether the grid-template-areas value contains a white-space only
+        string, which is not valid as it does not produce a cell token.
+
+        Test: fast/css-grid-layout/grid-template-areas-empty-string-crash.html
+
+        * css/CSSParser.cpp:
+        (WebCore::CSSParser::parseGridTemplateAreasRow):
+
 2014-09-25  Csaba Osztrogon√°c  <ossy@webkit.org>
 
         Remove WinCE port from trunk
index e50490e..d0cf45e 100644 (file)
@@ -5568,7 +5568,7 @@ bool CSSParser::parseGridTemplateAreasRow(NamedGridAreaMap& gridAreaMap, const u
         return false;
 
     String gridRowNames = currentValue->string;
-    if (gridRowNames.isEmpty())
+    if (gridRowNames.isEmpty() || gridRowNames.containsOnlyWhitespace())
         return false;
 
     Vector<String> columnNames;
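Review bot: in the new condition `gridRowNames.isEmpty() || gridRowNames.containsOnlyWhitespace()`, the guard is only correct as long as containsOnlyWhitespace() agrees with whatever the code after `Vector<String> columnNames;` uses to split the row into cell tokens. If the two ever disagree on a character, the split can still produce zero columns and the columnCount assertion named in the bug title fires again. Consider rejecting the row at the point where the count is known, by returning false when columnNames is empty after the split, and keep this early return only as a fast path. A one-line comment stating that a whitespace-only string yields no cell token would also make the intent of the extra check clear to the next reader.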