Last Comment Bug 645142 - "ABORT: negative lengths and percents should be rejected by parser" with huge font size
: "ABORT: negative lengths and percents should be rejected by parser" with huge...
Status: RESOLVED FIXED
: assertion, testcase
Product: Core
Classification: Components
Component: CSS Parsing and Computation (show other bugs)
: Trunk
: All All
: -- critical (vote)
: mozilla6
Assigned To: Mats Palmgren (vacation)
:
Mentors:
Depends on:
Blocks: randomstyles
  Show dependency treegraph
 
Reported: 2011-03-25 12:54 PDT by Jesse Ruderman
Modified: 2011-07-03 11:51 PDT (History)
3 users (show)
mats: in‑testsuite+
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments
testcase (asserts fatally when loaded) (86 bytes, text/html)
2011-03-25 12:54 PDT, Jesse Ruderman
no flags Details
stack trace (3.18 KB, text/plain)
2011-03-25 12:55 PDT, Jesse Ruderman
no flags Details
fix (1.85 KB, text/plain)
2011-03-27 13:22 PDT, Mats Palmgren (vacation)
no flags Details
fix v2 (1.84 KB, patch)
2011-03-27 13:34 PDT, Mats Palmgren (vacation)
dbaron: review+
Details | Diff | Splinter Review

Description Jesse Ruderman 2011-03-25 12:54:16 PDT
Created attachment 521914 [details]
testcase (asserts fatally when loaded)

###!!! ABORT: negative lengths and percents should be rejected by parser: 'sizeValue->IsCalcUnit()', file layout/style/nsRuleNode.cpp, line 2548
Comment 1 Jesse Ruderman 2011-03-25 12:55:47 PDT
Created attachment 521917 [details]
stack trace
Comment 2 Mats Palmgren (vacation) 2011-03-27 13:22:54 PDT
Created attachment 522239 [details]
fix
Comment 3 Mats Palmgren (vacation) 2011-03-27 13:26:17 PDT
Comment on attachment 522239 [details]
fix

Clearly wrong....
Comment 4 Mats Palmgren (vacation) 2011-03-27 13:34:37 PDT
Created attachment 522240 [details] [diff] [review]
fix v2

The value is already in app units so we only need to clamp it.
Comment 5 David Baron :dbaron: ⌚️UTC+2 (mostly busy through August 4; review requests must explain patch) 2011-05-11 01:22:36 PDT
Comment on attachment 522240 [details] [diff] [review]
fix v2

If you're going to cast anything to float(), you should cast the
result of aPresContext->DeviceContext()->AppUnitsPerPhysicalInch(),
that is, to make it:

+  return NSToCoordRoundWithClamp(inches *
+    float(aPresContext->DeviceContext()->AppUnitsPerPhysicalInch()));

I think you should also use NSToCoordFloorClamped instead of
NSToCoordRoundWithClamp

r=dbaron with that
Comment 7 Bob Clary [:bc:] 2011-07-03 11:45:40 PDT
I see this in recent Aurora and Nightly on Linux, Windows, Mac at a NSFW url (next comment will be private).

###!!! ABORT: negative lengths and percents should be rejected by parser: 'sizeValue->IsCalcUnit()', file /work/mozilla/builds/nightly/mozilla/layout/style/nsRuleNode.cpp, line 2561

pseudo stack: mozalloc_abort | Abort | NS_DebugBreak_P | nsRuleNode::SetFontSize nsRuleNode::SetFont nsRuleNode::ComputeFontData nsRuleNode::WalkRuleTree nsRuleNode::GetStyleData

Should this be reopened or a new bug filed?
Comment 9 Jesse Ruderman 2011-07-03 11:51:08 PDT
New bug, please. And NSFW URLs don't automatically need to be security-sensitive :)

Note You need to log in before you can comment on or make changes to this bug.