Changeset 196738 in webkit
- Timestamp:
- Feb 17, 2016 6:13:37 PM (8 years ago)
- Location:
- trunk
- Files:
-
- 10 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r196734 r196738 1 2016-02-17 Dean Jackson <dino@apple.com> 2 3 WebKitCSSMatrix transformList with calculated relative length crashes Safari. 4 https://bugs.webkit.org/show_bug.cgi?id=153333 5 <rdar://problem/17198383> 6 7 Reviewed by Simon Fraser. 8 9 Update existing tests to exercise the non-absolute lengths for translation 10 and perspective functions. 11 12 * transforms/cssmatrix-2d-interface-expected.txt: 13 * transforms/cssmatrix-2d-interface.xhtml: 14 * transforms/cssmatrix-3d-interface-expected.txt: 15 * transforms/cssmatrix-3d-interface.xhtml: 16 1 17 2016-02-17 Keith Miller <keith_miller@apple.com> 2 18 -
trunk/LayoutTests/transforms/cssmatrix-2d-interface-expected.txt
r134859 r196738 23 23 PASS a3[1] is "" 24 24 25 Test bad input to stringconstructor25 Test bad input to constructor 26 26 PASS new WebKitCSSMatrix("banana") threw exception Error: SyntaxError: DOM Exception 12. 27 PASS new WebKitCSSMatrix("translate(1em)") threw exception Error: SyntaxError: DOM Exception 12. 28 PASS new WebKitCSSMatrix("translate(10px, 1em)") threw exception Error: SyntaxError: DOM Exception 12. 29 PASS new WebKitCSSMatrix("translate(10px, calc(10px))") threw exception Error: SyntaxError: DOM Exception 12. 30 PASS new WebKitCSSMatrix("translate(1ex)") threw exception Error: SyntaxError: DOM Exception 12. 31 PASS new WebKitCSSMatrix("translate(1%)") threw exception Error: SyntaxError: DOM Exception 12. 32 PASS new WebKitCSSMatrix("translatex(1em)") threw exception Error: SyntaxError: DOM Exception 12. 33 PASS new WebKitCSSMatrix("translatex(calc(10px))") threw exception Error: SyntaxError: DOM Exception 12. 34 PASS new WebKitCSSMatrix("translatey(1em)") threw exception Error: SyntaxError: DOM Exception 12. 35 PASS new WebKitCSSMatrix("translatey(calc(10px))") threw exception Error: SyntaxError: DOM Exception 12. 27 36 28 37 Test attributes on default matrix -
trunk/LayoutTests/transforms/cssmatrix-2d-interface.xhtml
r155285 r196738 41 41 42 42 debug(""); 43 debug("Test bad input to stringconstructor");43 debug("Test bad input to constructor"); 44 44 shouldThrow('new WebKitCSSMatrix("banana")'); 45 shouldThrow('new WebKitCSSMatrix("translate(1em)")'); 46 shouldThrow('new WebKitCSSMatrix("translate(10px, 1em)")'); 47 shouldThrow('new WebKitCSSMatrix("translate(10px, calc(10px))")'); 48 shouldThrow('new WebKitCSSMatrix("translate(1ex)")'); 49 shouldThrow('new WebKitCSSMatrix("translate(1%)")'); 50 shouldThrow('new WebKitCSSMatrix("translatex(1em)")'); 51 shouldThrow('new WebKitCSSMatrix("translatex(calc(10px))")'); 52 shouldThrow('new WebKitCSSMatrix("translatey(1em)")'); 53 shouldThrow('new WebKitCSSMatrix("translatey(calc(10px))")'); 45 54 46 55 debug(""); -
trunk/LayoutTests/transforms/cssmatrix-3d-interface-expected.txt
r134859 r196738 29 29 PASS a3[1] is "" 30 30 31 Test bad input to stringconstructor31 Test bad input to constructor 32 32 PASS new WebKitCSSMatrix("banana") threw exception Error: SyntaxError: DOM Exception 12. 33 PASS new WebKitCSSMatrix("translate3d(1em, 0, 0)") threw exception Error: SyntaxError: DOM Exception 12. 34 PASS new WebKitCSSMatrix("translate3d(10px, 1em, 0)") threw exception Error: SyntaxError: DOM Exception 12. 35 PASS new WebKitCSSMatrix("translate3d(10px, 10px, calc(10px))") threw exception Error: SyntaxError: DOM Exception 12. 36 PASS new WebKitCSSMatrix("translate3d(calc(10px), 10px, 10px)") threw exception Error: SyntaxError: DOM Exception 12. 37 PASS new WebKitCSSMatrix("translate3d(10px, calc(10px), 10px)") threw exception Error: SyntaxError: DOM Exception 12. 38 PASS new WebKitCSSMatrix("translate3d(1ex, 0, 0)") threw exception Error: SyntaxError: DOM Exception 12. 39 PASS new WebKitCSSMatrix("translatez(1em)") threw exception Error: SyntaxError: DOM Exception 12. 40 PASS new WebKitCSSMatrix("translatez(calc(10px))") threw exception Error: SyntaxError: DOM Exception 12. 41 PASS new WebKitCSSMatrix("translate(1%, 0, 0)") threw exception Error: SyntaxError: DOM Exception 12. 42 PASS new WebKitCSSMatrix("perspective(1em)") threw exception Error: SyntaxError: DOM Exception 12. 43 PASS new WebKitCSSMatrix("perspective(calc(10px))") threw exception Error: SyntaxError: DOM Exception 12. 44 PASS new WebKitCSSMatrix("perspective(1ex)") threw exception Error: SyntaxError: DOM Exception 12. 45 PASS new WebKitCSSMatrix("perspective(1%)") threw exception Error: SyntaxError: DOM Exception 12. 33 46 34 47 Test attributes on default matrix -
trunk/LayoutTests/transforms/cssmatrix-3d-interface.xhtml
r155285 r196738 60 60 61 61 debug(""); 62 debug("Test bad input to stringconstructor");62 debug("Test bad input to constructor"); 63 63 shouldThrow('new WebKitCSSMatrix("banana")'); 64 shouldThrow('new WebKitCSSMatrix("translate3d(1em, 0, 0)")'); 65 shouldThrow('new WebKitCSSMatrix("translate3d(10px, 1em, 0)")'); 66 shouldThrow('new WebKitCSSMatrix("translate3d(10px, 10px, calc(10px))")'); 67 shouldThrow('new WebKitCSSMatrix("translate3d(calc(10px), 10px, 10px)")'); 68 shouldThrow('new WebKitCSSMatrix("translate3d(10px, calc(10px), 10px)")'); 69 shouldThrow('new WebKitCSSMatrix("translate3d(1ex, 0, 0)")'); 70 shouldThrow('new WebKitCSSMatrix("translatez(1em)")'); 71 shouldThrow('new WebKitCSSMatrix("translatez(calc(10px))")'); 72 shouldThrow('new WebKitCSSMatrix("translate(1%, 0, 0)")'); 73 shouldThrow('new WebKitCSSMatrix("perspective(1em)")'); 74 shouldThrow('new WebKitCSSMatrix("perspective(calc(10px))")'); 75 shouldThrow('new WebKitCSSMatrix("perspective(1ex)")'); 76 shouldThrow('new WebKitCSSMatrix("perspective(1%)")'); 64 77 65 78 debug(""); -
trunk/Source/WebCore/ChangeLog
r196737 r196738 1 2016-02-17 Dean Jackson <dino@apple.com> 2 3 WebKitCSSMatrix transformList with calculated relative length crashes Safari. 4 https://bugs.webkit.org/show_bug.cgi?id=153333 5 <rdar://problem/17198383> 6 7 Reviewed by Simon Fraser. 8 9 WebKitCSSMatrix objects should fail to construct when not 10 using absolute lengths. 11 12 Updated existing tests: 13 - transforms/cssmatrix-2d-interface.xhtml 14 - transforms/cssmatrix-3d-interface.xhtml 15 16 * css/StyleBuilderConverter.h: 17 (WebCore::StyleBuilderConverter::convertTransform): Tell transformsForValue 18 that we don't require absolute lengths. 19 * css/TransformFunctions.cpp: 20 (WebCore::convertToFloatLength): Add an optional parameter that will 21 cause the conversion to fail if the primitive value has a non-absolute 22 length. 23 (WebCore::transformsForValue): Pass the parameter for requiring an 24 absolute length on to convertToFloatLength when necessary. 25 * css/TransformFunctions.h: 26 * css/WebKitCSSMatrix.cpp: 27 (WebCore::WebKitCSSMatrix::setMatrixValue): In this case we do 28 require all transform strings to have absolute lengths, not ones 29 that depend on the font size or are calculated. 30 1 31 2016-02-17 Commit Queue <commit-queue@webkit.org> 2 32 -
trunk/Source/WebCore/css/StyleBuilderConverter.h
r196691 r196738 356 356 { 357 357 TransformOperations operations; 358 transformsForValue(value, styleResolver.state().cssToLengthConversionData(), operations);358 transformsForValue(value, styleResolver.state().cssToLengthConversionData(), TransformConversion::Auto, operations); 359 359 return operations; 360 360 } -
trunk/Source/WebCore/css/TransformFunctions.cpp
r187659 r196738 77 77 } 78 78 79 Length convertToFloatLength(const CSSPrimitiveValue* primitiveValue, const CSSToLengthConversionData& conversionData )79 Length convertToFloatLength(const CSSPrimitiveValue* primitiveValue, const CSSToLengthConversionData& conversionData, TransformConversion transformConversion) 80 80 { 81 return primitiveValue ? primitiveValue->convertToLength<FixedFloatConversion | PercentConversion | CalculatedConversion>(conversionData) : Length(Undefined); 81 if (transformConversion == TransformConversion::RequiresAbsoluteLength && !primitiveValue->isFontIndependentLength()) 82 return Length(Undefined); 83 return primitiveValue ? primitiveValue->convertToLength<FixedFloatConversion | PercentConversion>(conversionData) : Length(Undefined); 82 84 } 83 85 84 bool transformsForValue(CSSValue& value, const CSSToLengthConversionData& conversionData, Transform Operations& outOperations)86 bool transformsForValue(CSSValue& value, const CSSToLengthConversionData& conversionData, TransformConversion transformConversion, TransformOperations& outOperations) 85 87 { 86 88 if (!is<CSSValueList>(value)) { … … 163 165 Length ty = Length(0, Fixed); 164 166 if (transformValue.operationType() == WebKitCSSTransformValue::TranslateYTransformOperation) 165 ty = convertToFloatLength(&firstValue, conversionData );166 else { 167 tx = convertToFloatLength(&firstValue, conversionData );167 ty = convertToFloatLength(&firstValue, conversionData, transformConversion); 168 else { 169 tx = convertToFloatLength(&firstValue, conversionData, transformConversion); 168 170 if (transformValue.operationType() != WebKitCSSTransformValue::TranslateXTransformOperation) { 169 171 if (transformValue.length() > 1) { 170 172 CSSPrimitiveValue& secondValue = downcast<CSSPrimitiveValue>(*transformValue.itemWithoutBoundsCheck(1)); 171 ty = convertToFloatLength(&secondValue, conversionData );173 ty = convertToFloatLength(&secondValue, conversionData, transformConversion); 172 174 } 173 175 } … … 186 188 Length tz = Length(0, Fixed); 187 189 if (transformValue.operationType() == WebKitCSSTransformValue::TranslateZTransformOperation) 188 tz = convertToFloatLength(&firstValue, conversionData );190 tz = convertToFloatLength(&firstValue, conversionData, transformConversion); 189 191 else if (transformValue.operationType() == WebKitCSSTransformValue::TranslateYTransformOperation) 190 ty = convertToFloatLength(&firstValue, conversionData );191 else { 192 tx = convertToFloatLength(&firstValue, conversionData );192 ty = convertToFloatLength(&firstValue, conversionData, transformConversion); 193 else { 194 tx = convertToFloatLength(&firstValue, conversionData, transformConversion); 193 195 if (transformValue.operationType() != WebKitCSSTransformValue::TranslateXTransformOperation) { 194 196 if (transformValue.length() > 2) { 195 197 CSSPrimitiveValue& thirdValue = downcast<CSSPrimitiveValue>(*transformValue.itemWithoutBoundsCheck(2)); 196 tz = convertToFloatLength(&thirdValue, conversionData );197 } 198 if (transformValue.length() > 1) { 199 CSSPrimitiveValue& secondValue = downcast<CSSPrimitiveValue>(*transformValue.itemWithoutBoundsCheck(1)); 200 ty = convertToFloatLength(&secondValue, conversionData );198 tz = convertToFloatLength(&thirdValue, conversionData, transformConversion); 199 } 200 if (transformValue.length() > 1) { 201 CSSPrimitiveValue& secondValue = downcast<CSSPrimitiveValue>(*transformValue.itemWithoutBoundsCheck(1)); 202 ty = convertToFloatLength(&secondValue, conversionData, transformConversion); 201 203 } 202 204 } … … 301 303 Length p = Length(0, Fixed); 302 304 if (firstValue.isLength()) 303 p = convertToFloatLength(&firstValue, conversionData );305 p = convertToFloatLength(&firstValue, conversionData, transformConversion); 304 306 else { 305 307 // This is a quirk that should go away when 3d transforms are finalized. -
trunk/Source/WebCore/css/TransformFunctions.h
r187659 r196738 43 43 struct Length; 44 44 45 bool transformsForValue(CSSValue&, const CSSToLengthConversionData&, TransformOperations&); 46 Length convertToFloatLength(const CSSPrimitiveValue*, const CSSToLengthConversionData&); 45 enum class TransformConversion { 46 Auto, 47 RequiresAbsoluteLength 48 }; 49 50 bool transformsForValue(CSSValue&, const CSSToLengthConversionData&, TransformConversion transformConversion, TransformOperations&); 51 Length convertToFloatLength(const CSSPrimitiveValue*, const CSSToLengthConversionData&, TransformConversion transformConversion = TransformConversion::Auto); 47 52 48 53 } -
trunk/Source/WebCore/css/WebKitCSSMatrix.cpp
r192900 r196738 68 68 69 69 TransformOperations operations; 70 if (!transformsForValue(*value, CSSToLengthConversionData(), operations)) {70 if (!transformsForValue(*value, CSSToLengthConversionData(), TransformConversion::RequiresAbsoluteLength, operations)) { 71 71 ec = SYNTAX_ERR; 72 72 return;
Note: See TracChangeset
for help on using the changeset viewer.