Diff
Modified: trunk/LayoutTests/ChangeLog (196737 => 196738)
--- trunk/LayoutTests/ChangeLog 2016-02-18 02:04:40 UTC (rev 196737)
+++ trunk/LayoutTests/ChangeLog 2016-02-18 02:13:37 UTC (rev 196738)
@@ -1,3 +1,19 @@
+2016-02-17 Dean Jackson <[email protected]>
+
+ WebKitCSSMatrix transformList with calculated relative length crashes Safari.
+ https://bugs.webkit.org/show_bug.cgi?id=153333
+ <rdar://problem/17198383>
+
+ Reviewed by Simon Fraser.
+
+ Update existing tests to exercise the non-absolute lengths for translation
+ and perspective functions.
+
+ * transforms/cssmatrix-2d-interface-expected.txt:
+ * transforms/cssmatrix-2d-interface.xhtml:
+ * transforms/cssmatrix-3d-interface-expected.txt:
+ * transforms/cssmatrix-3d-interface.xhtml:
+
2016-02-17 Keith Miller <[email protected]>
Spread operator should be allowed when not the first argument of parameter list
Modified: trunk/LayoutTests/transforms/cssmatrix-2d-interface-expected.txt (196737 => 196738)
--- trunk/LayoutTests/transforms/cssmatrix-2d-interface-expected.txt 2016-02-18 02:04:40 UTC (rev 196737)
+++ trunk/LayoutTests/transforms/cssmatrix-2d-interface-expected.txt 2016-02-18 02:13:37 UTC (rev 196738)
@@ -22,8 +22,17 @@
PASS parseFloat(a3[0]) is 0
PASS a3[1] is ""
-Test bad input to string constructor
+Test bad input to constructor
PASS new WebKitCSSMatrix("banana") threw exception Error: SyntaxError: DOM Exception 12.
+PASS new WebKitCSSMatrix("translate(1em)") threw exception Error: SyntaxError: DOM Exception 12.
+PASS new WebKitCSSMatrix("translate(10px, 1em)") threw exception Error: SyntaxError: DOM Exception 12.
+PASS new WebKitCSSMatrix("translate(10px, calc(10px))") threw exception Error: SyntaxError: DOM Exception 12.
+PASS new WebKitCSSMatrix("translate(1ex)") threw exception Error: SyntaxError: DOM Exception 12.
+PASS new WebKitCSSMatrix("translate(1%)") threw exception Error: SyntaxError: DOM Exception 12.
+PASS new WebKitCSSMatrix("translatex(1em)") threw exception Error: SyntaxError: DOM Exception 12.
+PASS new WebKitCSSMatrix("translatex(calc(10px))") threw exception Error: SyntaxError: DOM Exception 12.
+PASS new WebKitCSSMatrix("translatey(1em)") threw exception Error: SyntaxError: DOM Exception 12.
+PASS new WebKitCSSMatrix("translatey(calc(10px))") threw exception Error: SyntaxError: DOM Exception 12.
Test attributes on default matrix
PASS m.a is 1
Modified: trunk/LayoutTests/transforms/cssmatrix-2d-interface.xhtml (196737 => 196738)
--- trunk/LayoutTests/transforms/cssmatrix-2d-interface.xhtml 2016-02-18 02:04:40 UTC (rev 196737)
+++ trunk/LayoutTests/transforms/cssmatrix-2d-interface.xhtml 2016-02-18 02:13:37 UTC (rev 196738)
@@ -40,8 +40,17 @@
shouldBe('a3[1]', '""');
debug("");
-debug("Test bad input to string constructor");
+debug("Test bad input to constructor");
shouldThrow('new WebKitCSSMatrix("banana")');
+shouldThrow('new WebKitCSSMatrix("translate(1em)")');
+shouldThrow('new WebKitCSSMatrix("translate(10px, 1em)")');
+shouldThrow('new WebKitCSSMatrix("translate(10px, calc(10px))")');
+shouldThrow('new WebKitCSSMatrix("translate(1ex)")');
+shouldThrow('new WebKitCSSMatrix("translate(1%)")');
+shouldThrow('new WebKitCSSMatrix("translatex(1em)")');
+shouldThrow('new WebKitCSSMatrix("translatex(calc(10px))")');
+shouldThrow('new WebKitCSSMatrix("translatey(1em)")');
+shouldThrow('new WebKitCSSMatrix("translatey(calc(10px))")');
debug("");
debug("Test attributes on default matrix");
Modified: trunk/LayoutTests/transforms/cssmatrix-3d-interface-expected.txt (196737 => 196738)
--- trunk/LayoutTests/transforms/cssmatrix-3d-interface-expected.txt 2016-02-18 02:04:40 UTC (rev 196737)
+++ trunk/LayoutTests/transforms/cssmatrix-3d-interface-expected.txt 2016-02-18 02:13:37 UTC (rev 196738)
@@ -28,8 +28,21 @@
PASS parseFloat(a3[0]) is 1
PASS a3[1] is ""
-Test bad input to string constructor
+Test bad input to constructor
PASS new WebKitCSSMatrix("banana") threw exception Error: SyntaxError: DOM Exception 12.
+PASS new WebKitCSSMatrix("translate3d(1em, 0, 0)") threw exception Error: SyntaxError: DOM Exception 12.
+PASS new WebKitCSSMatrix("translate3d(10px, 1em, 0)") threw exception Error: SyntaxError: DOM Exception 12.
+PASS new WebKitCSSMatrix("translate3d(10px, 10px, calc(10px))") threw exception Error: SyntaxError: DOM Exception 12.
+PASS new WebKitCSSMatrix("translate3d(calc(10px), 10px, 10px)") threw exception Error: SyntaxError: DOM Exception 12.
+PASS new WebKitCSSMatrix("translate3d(10px, calc(10px), 10px)") threw exception Error: SyntaxError: DOM Exception 12.
+PASS new WebKitCSSMatrix("translate3d(1ex, 0, 0)") threw exception Error: SyntaxError: DOM Exception 12.
+PASS new WebKitCSSMatrix("translatez(1em)") threw exception Error: SyntaxError: DOM Exception 12.
+PASS new WebKitCSSMatrix("translatez(calc(10px))") threw exception Error: SyntaxError: DOM Exception 12.
+PASS new WebKitCSSMatrix("translate(1%, 0, 0)") threw exception Error: SyntaxError: DOM Exception 12.
+PASS new WebKitCSSMatrix("perspective(1em)") threw exception Error: SyntaxError: DOM Exception 12.
+PASS new WebKitCSSMatrix("perspective(calc(10px))") threw exception Error: SyntaxError: DOM Exception 12.
+PASS new WebKitCSSMatrix("perspective(1ex)") threw exception Error: SyntaxError: DOM Exception 12.
+PASS new WebKitCSSMatrix("perspective(1%)") threw exception Error: SyntaxError: DOM Exception 12.
Test attributes on default matrix
PASS m.m11 is 1
Modified: trunk/LayoutTests/transforms/cssmatrix-3d-interface.xhtml (196737 => 196738)
--- trunk/LayoutTests/transforms/cssmatrix-3d-interface.xhtml 2016-02-18 02:04:40 UTC (rev 196737)
+++ trunk/LayoutTests/transforms/cssmatrix-3d-interface.xhtml 2016-02-18 02:13:37 UTC (rev 196738)
@@ -59,8 +59,21 @@
shouldBe('a3[1]', '""');
debug("");
-debug("Test bad input to string constructor");
+debug("Test bad input to constructor");
shouldThrow('new WebKitCSSMatrix("banana")');
+shouldThrow('new WebKitCSSMatrix("translate3d(1em, 0, 0)")');
+shouldThrow('new WebKitCSSMatrix("translate3d(10px, 1em, 0)")');
+shouldThrow('new WebKitCSSMatrix("translate3d(10px, 10px, calc(10px))")');
+shouldThrow('new WebKitCSSMatrix("translate3d(calc(10px), 10px, 10px)")');
+shouldThrow('new WebKitCSSMatrix("translate3d(10px, calc(10px), 10px)")');
+shouldThrow('new WebKitCSSMatrix("translate3d(1ex, 0, 0)")');
+shouldThrow('new WebKitCSSMatrix("translatez(1em)")');
+shouldThrow('new WebKitCSSMatrix("translatez(calc(10px))")');
+shouldThrow('new WebKitCSSMatrix("translate(1%, 0, 0)")');
+shouldThrow('new WebKitCSSMatrix("perspective(1em)")');
+shouldThrow('new WebKitCSSMatrix("perspective(calc(10px))")');
+shouldThrow('new WebKitCSSMatrix("perspective(1ex)")');
+shouldThrow('new WebKitCSSMatrix("perspective(1%)")');
debug("");
debug("Test attributes on default matrix");
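Review bot: The case `new WebKitCSSMatrix("translate(1%, 0, 0)")` passes three arguments to `translate`, so it likely throws because of the argument count rather than the percentage, and would probably have passed before this fix as well. If the intent is to cover percentages in the 3D form, use `shouldThrow('new WebKitCSSMatrix("translate3d(1%, 0, 0)")');` and update the matching line in cssmatrix-3d-interface-expected.txt. Also, every `shouldThrow` here is called without an expected exception, so these cases cannot distinguish a rejected relative length from any other parse failure.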
Modified: trunk/Source/WebCore/ChangeLog (196737 => 196738)
--- trunk/Source/WebCore/ChangeLog 2016-02-18 02:04:40 UTC (rev 196737)
+++ trunk/Source/WebCore/ChangeLog 2016-02-18 02:13:37 UTC (rev 196738)
@@ -1,3 +1,33 @@
+2016-02-17 Dean Jackson <[email protected]>
+
+ WebKitCSSMatrix transformList with calculated relative length crashes Safari.
+ https://bugs.webkit.org/show_bug.cgi?id=153333
+ <rdar://problem/17198383>
+
+ Reviewed by Simon Fraser.
+
+ WebKitCSSMatrix objects should fail to construct when not
+ using absolute lengths.
+
+ Updated existing tests:
+ - transforms/cssmatrix-2d-interface.xhtml
+ - transforms/cssmatrix-3d-interface.xhtml
+
+ * css/StyleBuilderConverter.h:
+ (WebCore::StyleBuilderConverter::convertTransform): Tell transformsForValue
+ that we don't require absolute lengths.
+ * css/TransformFunctions.cpp:
+ (WebCore::convertToFloatLength): Add an optional parameter that will
+ cause the conversion to fail if the primitive value has a non-absolute
+ length.
+ (WebCore::transformsForValue): Pass the parameter for requiring an
+ absolute length on to convertToFloatLength when necessary.
+ * css/TransformFunctions.h:
+ * css/WebKitCSSMatrix.cpp:
+ (WebCore::WebKitCSSMatrix::setMatrixValue): In this case we do
+ require all transform strings to have absolute lengths, not ones
+ that depend on the font size or are calculated.
+
2016-02-17 Commit Queue <[email protected]>
Unreviewed, rolling out r196712.
Modified: trunk/Source/WebCore/css/StyleBuilderConverter.h (196737 => 196738)
--- trunk/Source/WebCore/css/StyleBuilderConverter.h 2016-02-18 02:04:40 UTC (rev 196737)
+++ trunk/Source/WebCore/css/StyleBuilderConverter.h 2016-02-18 02:13:37 UTC (rev 196738)
@@ -355,7 +355,7 @@
inline TransformOperations StyleBuilderConverter::convertTransform(StyleResolver& styleResolver, CSSValue& value)
{
TransformOperations operations;
- transformsForValue(value, styleResolver.state().cssToLengthConversionData(), operations);
+ transformsForValue(value, styleResolver.state().cssToLengthConversionData(), TransformConversion::Auto, operations);
return operations;
}
Modified: trunk/Source/WebCore/css/TransformFunctions.cpp (196737 => 196738)
--- trunk/Source/WebCore/css/TransformFunctions.cpp 2016-02-18 02:04:40 UTC (rev 196737)
+++ trunk/Source/WebCore/css/TransformFunctions.cpp 2016-02-18 02:13:37 UTC (rev 196738)
@@ -76,12 +76,14 @@
return TransformOperation::NONE;
}
-Length convertToFloatLength(const CSSPrimitiveValue* primitiveValue, const CSSToLengthConversionData& conversionData)
+Length convertToFloatLength(const CSSPrimitiveValue* primitiveValue, const CSSToLengthConversionData& conversionData, TransformConversion transformConversion)
{
- return primitiveValue ? primitiveValue->convertToLength<FixedFloatConversion | PercentConversion | CalculatedConversion>(conversionData) : Length(Undefined);
+ if (transformConversion == TransformConversion::RequiresAbsoluteLength && !primitiveValue->isFontIndependentLength())
+ return Length(Undefined);
+ return primitiveValue ? primitiveValue->convertToLength<FixedFloatConversion | PercentConversion>(conversionData) : Length(Undefined);
}
-bool transformsForValue(CSSValue& value, const CSSToLengthConversionData& conversionData, TransformOperations& outOperations)
+bool transformsForValue(CSSValue& value, const CSSToLengthConversionData& conversionData, TransformConversion transformConversion, TransformOperations& outOperations)
{
if (!is<CSSValueList>(value)) {
outOperations.clear();
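Review bot: The new guard in convertToFloatLength calls `primitiveValue->isFontIndependentLength()` before the null test that the following return statement still performs, so a null pointer passed with `TransformConversion::RequiresAbsoluteLength` is dereferenced. Put the null check first, e.g. `if (!primitiveValue) return Length(Undefined);` as the opening statement, or take a reference if null is never expected. Separately, `CalculatedConversion` is dropped from the convertToLength flags for both modes, so the `TransformConversion::Auto` path used by StyleBuilderConverter::convertTransform no longer requests calc conversion either. If that is not intended, keep the flag for Auto and add a layout test with a calc() translation applied through a stylesheet. The body of transformsForValue continues outside this hunk.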
@@ -162,13 +164,13 @@
Length tx = Length(0, Fixed);
Length ty = Length(0, Fixed);
if (transformValue.operationType() == WebKitCSSTransformValue::TranslateYTransformOperation)
- ty = convertToFloatLength(&firstValue, conversionData);
+ ty = convertToFloatLength(&firstValue, conversionData, transformConversion);
else {
- tx = convertToFloatLength(&firstValue, conversionData);
+ tx = convertToFloatLength(&firstValue, conversionData, transformConversion);
if (transformValue.operationType() != WebKitCSSTransformValue::TranslateXTransformOperation) {
if (transformValue.length() > 1) {
CSSPrimitiveValue& secondValue = downcast<CSSPrimitiveValue>(*transformValue.itemWithoutBoundsCheck(1));
- ty = convertToFloatLength(&secondValue, conversionData);
+ ty = convertToFloatLength(&secondValue, conversionData, transformConversion);
}
}
}
@@ -185,19 +187,19 @@
Length ty = Length(0, Fixed);
Length tz = Length(0, Fixed);
if (transformValue.operationType() == WebKitCSSTransformValue::TranslateZTransformOperation)
- tz = convertToFloatLength(&firstValue, conversionData);
+ tz = convertToFloatLength(&firstValue, conversionData, transformConversion);
else if (transformValue.operationType() == WebKitCSSTransformValue::TranslateYTransformOperation)
- ty = convertToFloatLength(&firstValue, conversionData);
+ ty = convertToFloatLength(&firstValue, conversionData, transformConversion);
else {
- tx = convertToFloatLength(&firstValue, conversionData);
+ tx = convertToFloatLength(&firstValue, conversionData, transformConversion);
if (transformValue.operationType() != WebKitCSSTransformValue::TranslateXTransformOperation) {
if (transformValue.length() > 2) {
CSSPrimitiveValue& thirdValue = downcast<CSSPrimitiveValue>(*transformValue.itemWithoutBoundsCheck(2));
- tz = convertToFloatLength(&thirdValue, conversionData);
+ tz = convertToFloatLength(&thirdValue, conversionData, transformConversion);
}
if (transformValue.length() > 1) {
CSSPrimitiveValue& secondValue = downcast<CSSPrimitiveValue>(*transformValue.itemWithoutBoundsCheck(1));
- ty = convertToFloatLength(&secondValue, conversionData);
+ ty = convertToFloatLength(&secondValue, conversionData, transformConversion);
}
}
}
@@ -300,7 +302,7 @@
case WebKitCSSTransformValue::PerspectiveTransformOperation: {
Length p = Length(0, Fixed);
if (firstValue.isLength())
- p = convertToFloatLength(&firstValue, conversionData);
+ p = convertToFloatLength(&firstValue, conversionData, transformConversion);
else {
// This is a quirk that should go away when 3d transforms are finalized.
double val = firstValue.getDoubleValue();
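Review bot: Only the `isLength()` branch of the perspective case passes `transformConversion` on; the quirk branch that follows reads `firstValue.getDoubleValue()` without consulting it. Whether a percentage or calculated value can reach this case with `isLength()` false is not visible here, but if it can, it would be treated as a plain number even under RequiresAbsoluteLength. Once confirmed, document the expectation on the else branch, e.g. `// Only unitless numbers are expected here; relative and calculated values must not reach this branch.`, or add an explicit check. The case body continues past the end of the hunk.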
Modified: trunk/Source/WebCore/css/TransformFunctions.h (196737 => 196738)
--- trunk/Source/WebCore/css/TransformFunctions.h 2016-02-18 02:04:40 UTC (rev 196737)
+++ trunk/Source/WebCore/css/TransformFunctions.h 2016-02-18 02:13:37 UTC (rev 196738)
@@ -42,8 +42,13 @@
struct Length;
-bool transformsForValue(CSSValue&, const CSSToLengthConversionData&, TransformOperations&);
-Length convertToFloatLength(const CSSPrimitiveValue*, const CSSToLengthConversionData&);
+enum class TransformConversion {
+ Auto,
+ RequiresAbsoluteLength
+};
+bool transformsForValue(CSSValue&, const CSSToLengthConversionData&, TransformConversion transformConversion, TransformOperations&);
+Length convertToFloatLength(const CSSPrimitiveValue*, const CSSToLengthConversionData&, TransformConversion transformConversion = TransformConversion::Auto);
+
}
#endif
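Review bot: The new `TransformConversion` enum has no comment saying what each mode accepts, and the two declarations treat it differently. transformsForValue makes every caller choose, while convertToFloatLength defaults to `TransformConversion::Auto`, so any caller that is not updated silently keeps the permissive behaviour. Either drop the default so each call site states its intent, or document the modes, e.g. `// Auto: resolve lengths against the supplied conversion data. RequiresAbsoluteLength: non-absolute lengths convert to Length(Undefined).`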
Modified: trunk/Source/WebCore/css/WebKitCSSMatrix.cpp (196737 => 196738)
--- trunk/Source/WebCore/css/WebKitCSSMatrix.cpp 2016-02-18 02:04:40 UTC (rev 196737)
+++ trunk/Source/WebCore/css/WebKitCSSMatrix.cpp 2016-02-18 02:13:37 UTC (rev 196738)
@@ -67,7 +67,7 @@
return;
TransformOperations operations;
- if (!transformsForValue(*value, CSSToLengthConversionData(), operations)) {
+ if (!transformsForValue(*value, CSSToLengthConversionData(), TransformConversion::RequiresAbsoluteLength, operations)) {
ec = SYNTAX_ERR;
return;
}
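Review bot: A short comment at the transformsForValue call would explain why this caller is the strict one. The conversion data is a default-constructed `CSSToLengthConversionData()`, so there is presumably no style or font to resolve em, ex or calc() values against. Suggested: `// No element style is available here, so only absolute lengths can be converted; anything else is reported as SYNTAX_ERR.` setMatrixValue starts and ends outside the hunk.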