Closed Bug 418007 Opened 13 years ago Closed 11 years ago

"ASSERTION: scriptminsize should never be making things bigger" with huge fontsize, td

Categories: Core :: MathML, defect
x86, macOS, defect, Not set, normal
Tracking: RESOLVED WORKSFORME
People: Reporter: jruderman, Unassigned
References: Blocks 1 open bug
Details: Keywords: assertion, testcase
Attachments: 2 files

Attached file testcase
Loading the testcase triggers:

    WARNING: negative font size: file /Users/jruderman/trunk/mozilla/gfx/thebes/src/gfxFont.cpp, line 893

    ###!!! ASSERTION: scriptminsize should never be making things bigger: 'aFont->mScriptUnconstrainedSize <= aFont->mSize', file /Users/jruderman/trunk/mozilla/layout/style/nsRuleNode.cpp, line 2400

Probably some kind of overflow issue.

Looks like the overflow happens in nsRuleNode.cpp in CalcLengthWidth, more specifically in:

    case eCSSUnit_Char: {
      return NSToCoordRound(aValue.GetFloatValue() * float(aFontSize));
      // XXX scale against font metrics height instead?
    }

Now, the above is not the only call site of NSToCoordRound in the function. I'm wondering if we should protect all of said sites against overflow or perhaps we should look elsewhere. Hope this helps.

Attached patch overflow guard
Guard against overflow at that location.
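
A saturating float-to-coordinate conversion of the kind discussed in the comments above, as an added example: it is not the attached patch and not Gecko code. `Coord`, `kCoordMax`, `kCoordMin`, `SaturatingRound` and `CharUnitsToCoord` are hypothetical names, and the clamp bound is an assumption of the example.

```cpp
#include <cmath>
#include <cstdint>
#include <cstdio>

// Hypothetical stand-ins for this example; these are not Gecko's definitions.
using Coord = int32_t;
constexpr Coord kCoordMax = (1 << 30) - 1;  // assumed saturation bound
constexpr Coord kCoordMin = -kCoordMax;

// Round a float to the nearest Coord, clamping instead of overflowing.
// Casting an out-of-range float straight to a 32-bit integer is undefined
// behaviour in C++, so the range check must happen while still in float.
Coord SaturatingRound(float value) {
  if (std::isnan(value)) return 0;  // e.g. 0 * inf
  if (value >= static_cast<float>(kCoordMax)) return kCoordMax;  // also +inf
  if (value <= static_cast<float>(kCoordMin)) return kCoordMin;  // also -inf
  return static_cast<Coord>(std::floor(value + 0.5f));
}

// Same shape as the quoted eCSSUnit_Char case: a float multiplier from the
// style sheet times the current font size, converted back to a coordinate.
Coord CharUnitsToCoord(float multiplier, Coord fontSize) {
  return SaturatingRound(multiplier * static_cast<float>(fontSize));
}

int main() {
  // Constructed inputs: an ordinary value and two absurdly large ones.
  const float samples[] = {2.0f, 1e30f, -1e30f};
  for (float m : samples) {
    std::printf("%g * 960 -> %d\n", m, CharUnitsToCoord(m, 960));
  }
  return 0;
}
```

With the clamp in place a huge positive multiplier can no longer produce a negative size, which is the condition the "negative font size" warning reports.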
WFM on trunk.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → WORKSFORME
Crashtest: http://hg.mozilla.org/mozilla-central/rev/f4622261cce8
Flags: in-testsuite+