-
hmuller@adobe.com authored
https://bugs.webkit.org/show_bug.cgi?id=121020 Reviewed by Dirk Schulze. Source/WebCore: This change prevents a crash caused by specifying a CSS Shape geometry Length attribute with a calc() expression. It adds support for converting Lengths to CSSPrimitive Values, in large part by migrating Blink changes made to the calc classes since the split. Doing so required a few supporting changes in some related classes, notably CSSPrimitiveValue. Tests: fast/shapes/shape-inside/shape-inside-calc-crash.html css3/calc/simplification.html * css/BasicShapeFunctions.cpp: (WebCore::convertToCSSPrimitiveValue): Effectively use the new CSSPrimtiveValue(length,style) constructor to convert Lengths to CSSValues. (WebCore::valueForBasicShape): Use the convertToCSSPrimitiveValue() function. (WebCore::convertToLength): Added the CalculatedConversion convertToLength() flag to enable support for calc() valued Length Shape attributes. * css/BasicShapeFunctions.h: * css/CSSCalculationValue.cpp: (WebCore::hasDoubleValue): (WebCore::buildCssText): (WebCore::CSSCalcValue::clampToPermittedRange): (WebCore::CSSCalcValue::doubleValue): (WebCore::CSSCalcExpressionNode::~CSSCalcExpressionNode): (WebCore::CSSCalcPrimitiveValue::create): (WebCore::CSSCalcPrimitiveValue::toCalcValue): (WebCore::CSSCalcPrimitiveValue::doubleValue): (WebCore::CSSCalcPrimitiveValue::computeLengthPx): (WebCore::CSSCalcPrimitiveValue::primitiveType): (WebCore::CSSCalcPrimitiveValue::CSSCalcPrimitiveValue): (WebCore::determineCategory): (WebCore::isIntegerResult): (WebCore::CSSCalcBinaryOperation::create): (WebCore::CSSCalcBinaryOperation::createSimplified): (WebCore::CSSCalcBinaryOperation::doubleValue): (WebCore::CSSCalcBinaryOperation::buildCssText): (WebCore::CSSCalcBinaryOperation::primitiveType): (WebCore::CSSCalcBinaryOperation::CSSCalcBinaryOperation): (WebCore::CSSCalcBinaryOperation::getNumberSide): (WebCore::CSSCalcBinaryOperation::evaluate): (WebCore::CSSCalcBinaryOperation::evaluateOperator): (WebCore::CSSCalcExpressionNodeParser::parseValue): (WebCore::CSSCalcExpressionNodeParser::parseValueTerm): (WebCore::CSSCalcExpressionNodeParser::parseValueMultiplicativeExpression): (WebCore::CSSCalcExpressionNodeParser::parseAdditiveValueExpression): (WebCore::CSSCalcValue::createExpressionNode): (WebCore::CSSCalcValue::create): * css/CSSCalculationValue.h: (WebCore::CSSCalcExpressionNode::category): (WebCore::CSSCalcValue::create): (WebCore::CSSCalcValue::isInt): (WebCore::CSSCalcValue::permittedValueRange): (WebCore::CSSCalcValue::expressionNode): (WebCore::CSSCalcValue::CSSCalcValue): (WebCore::toCSSCalcValue): * css/CSSComputedStyleDeclaration.cpp: (WebCore::ComputedStyleExtractor::propertyValue): Pass the style along to the new valueForBasicShape() function. * css/CSSPrimitiveValue.cpp: (WebCore::CSSPrimitiveValue::unitCategory): Made this function public so that CSSCalculationValue could use it. (WebCore::CSSPrimitiveValue::conversionToCanonicalUnitsScaleFactor): Ditto. (WebCore::CSSPrimitiveValue::primitiveType): Cleared trailing whitespace. (WebCore::CSSPrimitiveValue::CSSPrimitiveValue): Construct a CSSPrimitiveValue from a Length and a RenderStyle*. (WebCore::CSSPrimitiveValue::init): The common part of the two Length CSSPrimitiveValue constructors. (WebCore::CSSPrimitiveValue::computeLengthDouble): Moved the case labels to the left per check-webkit-style. (WebCore::CSSPrimitiveValue::getStringValue): Ditto. (WebCore::CSSPrimitiveValue::getDoubleValue): Removed trailing whitespace. * css/CSSPrimitiveValue.h: (WebCore::CSSPrimitiveValue::create): Construct a CSSPrimitiveValue from a Length and a RenderStyle*. (WebCore::toCSSPrimitiveValue): Check the CSSValue*'s validity with ASSERT_WITH_SECURITY_IMPLICATION before casting to CSSPrimitiveValue*. * css/CSSValuePool.h: (WebCore::CSSValuePool::createValue): A new overload that delegates to the new CSSPrimitiveValue(length,style) constructor. * platform/CalculationValue.h: (WebCore::CalculationValue::operator==): (WebCore::CalculationValue::isNonNegative): (WebCore::CalculationValue::expression): (WebCore::CalcExpressionNumber::value): (WebCore::toCalcExpressionNumber): (WebCore::CalcExpressionLength::CalcExpressionLength): (WebCore::CalcExpressionLength::length): (WebCore::toCalcExpressionLength): (WebCore::CalcExpressionBinaryOperation::leftSide): (WebCore::CalcExpressionBinaryOperation::rightSide): (WebCore::CalcExpressionBinaryOperation::getOperator): (WebCore::toCalcExpressionBinaryOperation): (WebCore::CalcExpressionBlendLength::CalcExpressionBlendLength): (WebCore::CalcExpressionBlendLength::from): (WebCore::CalcExpressionBlendLength::to): (WebCore::CalcExpressionBlendLength::progress): (WebCore::toCalcExpressionBlendLength): LayoutTests: Specifying a CSS Shape geometry Length attribute with a calc() expression or looking up the value with getComputedStyle(), caused crashes. * fast/shapes/shape-inside/shape-inside-calc-crash-expected.txt: Added. * fast/shapes/shape-inside/shape-inside-calc-crash.html: Added. * css3/calc/simplification-expected.txt: Added * css3/calc/simplification.html: Added * LayoutTests/css3/calc/cssom-expected.txt: git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156586 268f45cc-cd09-0410-ab3c-d52691b4dbfc
df9b2640