- Revision
- 178262
- Author
- carlo...@webkit.org
- Date
- 2015-01-12 06:25:24 -0800 (Mon, 12 Jan 2015)
Log Message
Merge r176301 - Crash when setting 'z-index' / 'flex-shrink' CSS properties to a calculated value
https://bugs.webkit.org/show_bug.cgi?id=138783
Reviewed by Andreas Kling.
Source/WebCore:
Update operators converting CSSPrimitiveValue to integer / floating
point types to properly handle calculated values (e.g. 'calc(2 * 3)').
Previously, this was not working in release builds and we would hit an
ASSERT_NOT_REACHED() in debug builds.
Tests: fast/css/flex-shrink-calculated-value.html
fast/css/z-index-calculated-value.html
* css/CSSPrimitiveValueMappings.h:
(WebCore::CSSPrimitiveValue::operator unsigned short):
(WebCore::CSSPrimitiveValue::operator int):
(WebCore::CSSPrimitiveValue::operator unsigned):
(WebCore::CSSPrimitiveValue::operator float):
LayoutTests:
Add layout tests to check that settings 'z-index' / 'flex-shrink' CSS
properties to a calculated value does not crash and behaves as
expected.
* fast/css/flex-shrink-calculated-value-expected.txt: Added.
* fast/css/flex-shrink-calculated-value.html: Added.
* fast/css/z-index-calculated-value-expected.txt: Added.
* fast/css/z-index-calculated-value.html: Added.
Modified Paths
Added Paths
Diff
Modified: releases/WebKitGTK/webkit-2.6/LayoutTests/ChangeLog (178261 => 178262)
--- releases/WebKitGTK/webkit-2.6/LayoutTests/ChangeLog 2015-01-12 14:22:57 UTC (rev 178261)
+++ releases/WebKitGTK/webkit-2.6/LayoutTests/ChangeLog 2015-01-12 14:25:24 UTC (rev 178262)
@@ -1,3 +1,19 @@
+2014-11-18 Chris Dumez <cdu...@apple.com>
+
+ Crash when setting 'z-index' / 'flex-shrink' CSS properties to a calculated value
+ https://bugs.webkit.org/show_bug.cgi?id=138783
+
+ Reviewed by Andreas Kling.
+
+ Add layout tests to check that settings 'z-index' / 'flex-shrink' CSS
+ properties to a calculated value does not crash and behaves as
+ expected.
+
+ * fast/css/flex-shrink-calculated-value-expected.txt: Added.
+ * fast/css/flex-shrink-calculated-value.html: Added.
+ * fast/css/z-index-calculated-value-expected.txt: Added.
+ * fast/css/z-index-calculated-value.html: Added.
+
2014-11-18 David Hyatt <hy...@apple.com>
REGRESSION (r167210): Invalid cast in WebCore::RenderBlock::blockSelectionGaps
Added: releases/WebKitGTK/webkit-2.6/LayoutTests/fast/css/flex-shrink-calculated-value-expected.txt (0 => 178262)
--- releases/WebKitGTK/webkit-2.6/LayoutTests/fast/css/flex-shrink-calculated-value-expected.txt (rev 0)
+++ releases/WebKitGTK/webkit-2.6/LayoutTests/fast/css/flex-shrink-calculated-value-expected.txt 2015-01-12 14:25:24 UTC (rev 178262)
@@ -0,0 +1,13 @@
+Tests assigning a calculated value to flex-shrink CSS property.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS testDiv.style['flex-shrink'] is ""
+testDiv.style['flex-shrink'] = 'calc(2 * 3)'
+PASS testDiv.style['flex-shrink'] is "calc(6)"
+PASS window.getComputedStyle(testDiv).getPropertyValue('flex-shrink') is "6"
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Added: releases/WebKitGTK/webkit-2.6/LayoutTests/fast/css/flex-shrink-calculated-value.html (0 => 178262)
--- releases/WebKitGTK/webkit-2.6/LayoutTests/fast/css/flex-shrink-calculated-value.html (rev 0)
+++ releases/WebKitGTK/webkit-2.6/LayoutTests/fast/css/flex-shrink-calculated-value.html 2015-01-12 14:25:24 UTC (rev 178262)
@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+<body>
+<script src=""
+<div id="testDiv" style="position: absolute;"></div>
+<script>
+description("Tests assigning a calculated value to flex-shrink CSS property.");
+
+var testDiv = document.getElementById("testDiv");
+
+shouldBeEmptyString("testDiv.style['flex-shrink']");
+evalAndLog("testDiv.style['flex-shrink'] = 'calc(2 * 3)'");
+shouldBeEqualToString("testDiv.style['flex-shrink']", "calc(6)");
+shouldBeEqualToString("window.getComputedStyle(testDiv).getPropertyValue('flex-shrink')", "6");
+
+</script>
+<script src=""
+</body>
Added: releases/WebKitGTK/webkit-2.6/LayoutTests/fast/css/z-index-calculated-value-expected.txt (0 => 178262)
--- releases/WebKitGTK/webkit-2.6/LayoutTests/fast/css/z-index-calculated-value-expected.txt (rev 0)
+++ releases/WebKitGTK/webkit-2.6/LayoutTests/fast/css/z-index-calculated-value-expected.txt 2015-01-12 14:25:24 UTC (rev 178262)
@@ -0,0 +1,13 @@
+Tests assigning a calculated value to z-index CSS property.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS testDiv.style['z-index'] is ""
+testDiv.style['z-index'] = 'calc(-2 * 3)'
+PASS testDiv.style['z-index'] is "calc(-6)"
+PASS window.getComputedStyle(testDiv).getPropertyValue('z-index') is "-6"
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Added: releases/WebKitGTK/webkit-2.6/LayoutTests/fast/css/z-index-calculated-value.html (0 => 178262)
--- releases/WebKitGTK/webkit-2.6/LayoutTests/fast/css/z-index-calculated-value.html (rev 0)
+++ releases/WebKitGTK/webkit-2.6/LayoutTests/fast/css/z-index-calculated-value.html 2015-01-12 14:25:24 UTC (rev 178262)
@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+<body>
+<script src=""
+<div id="testDiv" style="position: absolute;"></div>
+<script>
+description("Tests assigning a calculated value to z-index CSS property.");
+
+var testDiv = document.getElementById("testDiv");
+
+shouldBeEmptyString("testDiv.style['z-index']");
+evalAndLog("testDiv.style['z-index'] = 'calc(-2 * 3)'");
+shouldBeEqualToString("testDiv.style['z-index']", "calc(-6)");
+shouldBeEqualToString("window.getComputedStyle(testDiv).getPropertyValue('z-index')", "-6");
+
+</script>
+<script src=""
+</body>
Modified: releases/WebKitGTK/webkit-2.6/Source/WebCore/ChangeLog (178261 => 178262)
--- releases/WebKitGTK/webkit-2.6/Source/WebCore/ChangeLog 2015-01-12 14:22:57 UTC (rev 178261)
+++ releases/WebKitGTK/webkit-2.6/Source/WebCore/ChangeLog 2015-01-12 14:25:24 UTC (rev 178262)
@@ -1,3 +1,24 @@
+2014-11-18 Chris Dumez <cdu...@apple.com>
+
+ Crash when setting 'z-index' / 'flex-shrink' CSS properties to a calculated value
+ https://bugs.webkit.org/show_bug.cgi?id=138783
+
+ Reviewed by Andreas Kling.
+
+ Update operators converting CSSPrimitiveValue to integer / floating
+ point types to properly handle calculated values (e.g. 'calc(2 * 3)').
+ Previously, this was not working in release builds and we would hit an
+ ASSERT_NOT_REACHED() in debug builds.
+
+ Tests: fast/css/flex-shrink-calculated-value.html
+ fast/css/z-index-calculated-value.html
+
+ * css/CSSPrimitiveValueMappings.h:
+ (WebCore::CSSPrimitiveValue::operator unsigned short):
+ (WebCore::CSSPrimitiveValue::operator int):
+ (WebCore::CSSPrimitiveValue::operator unsigned):
+ (WebCore::CSSPrimitiveValue::operator float):
+
2014-11-18 David Hyatt <hy...@apple.com>
REGRESSION (r167210): Invalid cast in WebCore::RenderBlock::blockSelectionGaps
Modified: releases/WebKitGTK/webkit-2.6/Source/WebCore/css/CSSPrimitiveValueMappings.h (178261 => 178262)
--- releases/WebKitGTK/webkit-2.6/Source/WebCore/css/CSSPrimitiveValueMappings.h 2015-01-12 14:22:57 UTC (rev 178261)
+++ releases/WebKitGTK/webkit-2.6/Source/WebCore/css/CSSPrimitiveValueMappings.h 2015-01-12 14:25:24 UTC (rev 178262)
@@ -82,8 +82,8 @@
template<> inline CSSPrimitiveValue::operator unsigned short() const
{
- if (m_primitiveUnitType == CSS_NUMBER)
- return clampTo<unsigned short>(m_value.num);
+ if (primitiveType() == CSS_NUMBER)
+ return getValue<unsigned short>();
ASSERT_NOT_REACHED();
return 0;
@@ -91,8 +91,8 @@
template<> inline CSSPrimitiveValue::operator int() const
{
- if (m_primitiveUnitType == CSS_NUMBER)
- return clampTo<int>(m_value.num);
+ if (primitiveType() == CSS_NUMBER)
+ return getValue<int>();
ASSERT_NOT_REACHED();
return 0;
@@ -100,8 +100,8 @@
template<> inline CSSPrimitiveValue::operator unsigned() const
{
- if (m_primitiveUnitType == CSS_NUMBER)
- return clampTo<unsigned>(m_value.num);
+ if (primitiveType() == CSS_NUMBER)
+ return getValue<unsigned>();
ASSERT_NOT_REACHED();
return 0;
@@ -117,8 +117,8 @@
template<> inline CSSPrimitiveValue::operator float() const
{
- if (m_primitiveUnitType == CSS_NUMBER)
- return clampTo<float>(m_value.num);
+ if (primitiveType() == CSS_NUMBER)
+ return getValue<float>();
ASSERT_NOT_REACHED();
return 0.0f;
