Bug 664955 - "ASSERTION: parser should have rejected negative length". r=bz

2024-09-13 09:24:08 -07:00 · 2011-07-04 20:13:20 +02:00 · 2011-07-04 20:13:20 +02:00 · 40edc8feb0
commit 40edc8feb0
parent fa2ae1571e
4 changed files with 46 additions and 5 deletions
--- a/layout/style/nsRuleNode.cpp
+++ b/layout/style/nsRuleNode.cpp
@ -2535,7 +2535,8 @@ nsRuleNode::SetFontSize(nsPresContext* aPresContext,
      if (NS_STYLE_FONT_SIZE_LARGER == value) {
        *aSize = nsStyleUtil::FindNextLargerFontSize(parentSize,
                         baseSize, scaleFactor, aPresContext, eFontSize_CSS);
-        NS_ASSERTION(*aSize > parentSize,
+
+        NS_ASSERTION(*aSize >= parentSize,
                     "FindNextLargerFontSize failed");
      }
      else {
--- a/layout/style/nsStyleUtil.cpp
+++ b/layout/style/nsStyleUtil.cpp
@ -298,6 +298,7 @@ nscoord nsStyleUtil::FindNextLargerFontSize(nscoord aFontSize, PRInt32 aBasePoin
  PRInt32 indexMin;
  PRInt32 indexMax;
  float relativePosition;
+  nscoord adjustment;
  nscoord largerSize;
  nscoord indexFontSize = aFontSize; // XXX initialize to quell a spurious gcc3.2 warning
  nscoord smallestIndexFontSize;
@ -331,7 +332,7 @@ nscoord nsStyleUtil::FindNextLargerFontSize(nscoord aFontSize, PRInt32 aBasePoin
        largerIndexFontSize = CalcFontPointSize(index+1, aBasePointSize, aScalingFactor, aPresContext, aFontSizeType);
      } else if (indexFontSize == largestIndexFontSize) {
        smallerIndexFontSize = CalcFontPointSize(index-1, aBasePointSize, aScalingFactor, aPresContext, aFontSizeType);
-        largerIndexFontSize = NSToCoordRound(float(largestIndexFontSize) * 1.5);
+        largerIndexFontSize = NSCoordSaturatingMultiply(largestIndexFontSize, 1.5);
      } else {
        smallerIndexFontSize = CalcFontPointSize(index-1, aBasePointSize, aScalingFactor, aPresContext, aFontSizeType);
        largerIndexFontSize = CalcFontPointSize(index+1, aBasePointSize, aScalingFactor, aPresContext, aFontSizeType);
@ -339,14 +340,15 @@ nscoord nsStyleUtil::FindNextLargerFontSize(nscoord aFontSize, PRInt32 aBasePoin
      // compute the relative position of the parent size between the two closest indexed sizes
      relativePosition = float(aFontSize - smallerIndexFontSize) / float(indexFontSize - smallerIndexFontSize);
      // set the new size to have the same relative position between the next largest two indexed sizes
-      largerSize = indexFontSize + NSToCoordRound(relativePosition * (largerIndexFontSize - indexFontSize));      
+      adjustment = NSCoordSaturatingNonnegativeMultiply(largerIndexFontSize - indexFontSize, relativePosition);
+      largerSize = NSCoordSaturatingAdd(indexFontSize, adjustment);
    }
    else {  // larger than HTML table, increase by 50%
-      largerSize = NSToCoordRound(float(aFontSize) * 1.5);
+      largerSize = NSCoordSaturatingMultiply(aFontSize, 1.5);
    }
  }
  else { // smaller than HTML table, increase by 1px
-    largerSize = aFontSize + onePx; 
+    largerSize = NSCoordSaturatingAdd(aFontSize, onePx);
  }
  return largerSize;
 }
--- a/layout/style/test/Makefile.in
+++ b/layout/style/test/Makefile.in
@ -127,6 +127,7 @@ _TEST_FILES =	test_acid3_test46.html \
 		test_bug635286.html \
 		test_bug652486.html \
 		test_bug657143.html \
+		test_bug664955.html \
 		test_bug667520.html \
 		test_cascade.html \
 		test_compute_data_with_start_struct.html \
--- a/layout/style/test/test_bug664955.html
+++ b/layout/style/test/test_bug664955.html
@ -0,0 +1,37 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+https://bugzilla.mozilla.org/show_bug.cgi?id=664955
+-->
+<head>
+  <title>Test for Bug 664955</title>
+  <script type="text/javascript" src="/MochiKit/MochiKit.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=664955">Mozilla Bug 664955</a>
+<p id="display" style="font-size: 10000000000px"> <!-- must be superior to nscoord_MAX * 60 --> 
+<span id="larger" style="font-size: larger">
+<span id="larger-again" style="font-size: larger">
+</span>
+</span>
+</p>
+<div id="content" style="display: none">
+
+</div>
+<pre id="test">
+<script class="testbody" type="text/javascript">
+/** Test for Bug 664955 **/
+var parentSize = document.defaultView.getComputedStyle($('display'), "").fontSize;
+var largerSize = document.defaultView.getComputedStyle($('larger'), "").fontSize;
+var largerAgainSize = document.defaultView.getComputedStyle($('larger-again'), "").fontSize;
+
+is(parentSize, largerSize, "font size is larger than max font size");
+is(parentSize, largerAgainSize, "font size is larger than max font size");
+
+</script>
+</pre>
+</body>
+</html>
+