Closed Bug 418007 Opened 16 years ago Closed 15 years ago

"ASSERTION: scriptminsize should never be making things bigger" with huge fontsize, td

Categories

(Core :: MathML, defect)

Product:
Core
Component:
MathML
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: jruderman, Unassigned)

References

Details

(Keywords: assertion, testcase)

Attachments

(2 files)

testcase
473 bytes, application/xhtml+xml
Details
overflow guard
601 bytes, patch
Details | Diff | Splinter Review
Attached file testcase 
Loading the testcase triggers:

WARNING: negative font size: file /Users/jruderman/trunk/mozilla/gfx/thebes/src/gfxFont.cpp, line 893

###!!! ASSERTION: scriptminsize should never be making things bigger: 'aFont->mScriptUnconstrainedSize <= aFont->mSize', file /Users/jruderman/trunk/mozilla/layout/style/nsRuleNode.cpp, line 2400
Probably some kind of overflow issue.
Looks like the overflow happens in nsRuleNode.cpp in CalcLengthWidth, more specifically in:

    case eCSSUnit_Char: {
      return NSToCoordRound(aValue.GetFloatValue() * float(aFontSize));
      // XXX scale against font metrics height instead?
    }

Now, above is not the only call-site of NSToCoordRound in the function. I'm wondering if we should protect all of said sites against overflow or perhaps we should look elsewhere.. Hope this helps.
Attached patch overflow guardSplinter Review 
Guard against overflow at that location.
WFM on trunk.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → WORKSFORME
Crashtest: http://hg.mozilla.org/mozilla-central/rev/f4622261cce8
Flags: in-testsuite+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: