Closed Bug 323386 Opened 18 years ago Closed 16 years ago

ASSERTION: Negative Width Input - very bad: 'mComputedWidth >= 0'

Categories

(Core :: Layout, defect)

Product:
Core
Component:
Layout
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: jruderman, Unassigned)

References

Details

(Keywords: assertion, testcase)

Attachments

(1 file)

testcase
27 bytes, text/html
Details 
Steps to reproduce:
1. Load a page containing <TEXTAREA COLS="381762666">.

Result:

###!!! ASSERTION: Negative Width Input - very bad: 'mComputedWidth >= 0', file /Users/admin/trunk/mozilla/layout/generic/nsHTMLReflowState.cpp, line 2570
Break: at file /Users/admin/trunk/mozilla/layout/generic/nsHTMLReflowState.cpp, line 2570

My guess is that cols is multiplied by something, leading to an integer overflow.  lg 381762666 = 28.5.
Attached file testcase 
OS: MacOS X → All
Hardware: Macintosh → All

    
    

    
  
Yeah the problem is in nsHTMLReflowState::ComputeHorizontalValue these lines:
2305       nsStyleContext* styleContext = frame->GetStyleContext();
2306       SetFontFromStyle(rendContext, styleContext);
2307       nscoord fontWidth;
2308       rendContext->GetWidth('M', fontWidth);
2309       aResult = aCoord.GetIntValue() * fontWidth;

fontWidth is 120, aCoord.GetIntValue() returns 67108864.

    
    

    
  
WFM, Mac trunk debug.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → WORKSFORME

    
    

    
  
Crashtest checked in.
Flags: in-testsuite+

          You need to log in
          before you can comment on or make changes to this bug.