Closed Bug 323386 Opened 19 years ago Closed 18 years ago

ASSERTION: Negative Width Input - very bad: 'mComputedWidth >= 0'

Categories

(Core :: Layout, defect)

Product:
Core
Component:
Layout
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: jruderman, Unassigned)

References

Details

(Keywords: assertion, testcase)

Attachments

(1 file)

testcase
27 bytes, text/html
Details
Steps to reproduce: 1. Load a page containing <TEXTAREA COLS="381762666">. Result: ###!!! ASSERTION: Negative Width Input - very bad: 'mComputedWidth >= 0', file /Users/admin/trunk/mozilla/layout/generic/nsHTMLReflowState.cpp, line 2570 Break: at file /Users/admin/trunk/mozilla/layout/generic/nsHTMLReflowState.cpp, line 2570 My guess is that cols is multiplied by something, leading to an integer overflow. lg 381762666 = 28.5.
Attached file testcase
OS: MacOS X → All
Hardware: Macintosh → All
Yeah the problem is in nsHTMLReflowState::ComputeHorizontalValue these lines: 2305 nsStyleContext* styleContext = frame->GetStyleContext(); 2306 SetFontFromStyle(rendContext, styleContext); 2307 nscoord fontWidth; 2308 rendContext->GetWidth('M', fontWidth); 2309 aResult = aCoord.GetIntValue() * fontWidth; fontWidth is 120, aCoord.GetIntValue() returns 67108864.
WFM, Mac trunk debug.
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → WORKSFORME
Crashtest checked in.
Flags: in-testsuite+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: