Don't do floating point assignment from uninitialized data, since it can crash. b=422011 r+sr=bzbarsky a=damon
authordbaron@dbaron.org
Wed, 12 Mar 2008 15:05:27 -0700
changeset 12972 01abab9a2c914b12564bc71d6370e81aa06d3a6d
parent 12971 b2114b0d4e6e16e02057072706f427ee25200e85
child 12973 780c2a3a5c6cbe4f68fd334e6ae74014d85266c1
push idunknown
push userunknown
push dateunknown
reviewersdamon
bugs422011
milestone1.9b5pre
Don't do floating point assignment from uninitialized data, since it can crash. b=422011 r+sr=bzbarsky a=damon
layout/style/nsCSSValue.cpp
layout/style/nsCSSValue.h
--- a/layout/style/nsCSSValue.cpp
+++ b/layout/style/nsCSSValue.cpp
@@ -122,56 +122,62 @@ nsCSSValue::nsCSSValue(nsCSSValue::Image
 {
   mValue.mImage = aValue;
   mValue.mImage->AddRef();
 }
 
 nsCSSValue::nsCSSValue(const nsCSSValue& aCopy)
   : mUnit(aCopy.mUnit)
 {
-  if ((eCSSUnit_String <= mUnit) && (mUnit <= eCSSUnit_Attr)) {
+  if (mUnit <= eCSSUnit_Dummy) {
+    // nothing to do, but put this important case first
+  }
+  else if (eCSSUnit_Percent <= mUnit) {
+    mValue.mFloat = aCopy.mValue.mFloat;
+  }
+  else if (eCSSUnit_String <= mUnit && mUnit <= eCSSUnit_Attr) {
     mValue.mString = aCopy.mValue.mString;
     mValue.mString->AddRef();
   }
-  else if ((eCSSUnit_Integer <= mUnit) && (mUnit <= eCSSUnit_EnumColor)) {
+  else if (eCSSUnit_Integer <= mUnit && mUnit <= eCSSUnit_EnumColor) {
     mValue.mInt = aCopy.mValue.mInt;
   }
-  else if (eCSSUnit_Color == mUnit){
+  else if (eCSSUnit_Color == mUnit) {
     mValue.mColor = aCopy.mValue.mColor;
   }
   else if (eCSSUnit_Array <= mUnit && mUnit <= eCSSUnit_Counters) {
     mValue.mArray = aCopy.mValue.mArray;
     mValue.mArray->AddRef();
   }
-  else if (eCSSUnit_URL == mUnit){
+  else if (eCSSUnit_URL == mUnit) {
     mValue.mURL = aCopy.mValue.mURL;
     mValue.mURL->AddRef();
   }
-  else if (eCSSUnit_Image == mUnit){
+  else if (eCSSUnit_Image == mUnit) {
     mValue.mImage = aCopy.mValue.mImage;
     mValue.mImage->AddRef();
   }
   else {
-    mValue.mFloat = aCopy.mValue.mFloat;
+    NS_NOTREACHED("unknown unit");
   }
 }
 
 nsCSSValue& nsCSSValue::operator=(const nsCSSValue& aCopy)
 {
   if (this != &aCopy) {
     Reset();
     new (this) nsCSSValue(aCopy);
   }
   return *this;
 }
 
 PRBool nsCSSValue::operator==(const nsCSSValue& aOther) const
 {
   if (mUnit == aOther.mUnit) {
-    if (mUnit <= eCSSUnit_System_Font) {
+    if (mUnit <= eCSSUnit_Dummy) {
       return PR_TRUE;
     }
     else if ((eCSSUnit_String <= mUnit) && (mUnit <= eCSSUnit_Attr)) {
       return (NS_strcmp(GetBufferValue(mValue.mString),
                         GetBufferValue(aOther.mValue.mString)) == 0);
     }
     else if ((eCSSUnit_Integer <= mUnit) && (mUnit <= eCSSUnit_EnumColor)) {
       return mValue.mInt == aOther.mValue.mInt;
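Review bot: The new `else if (eCSSUnit_Percent <= mUnit)` branch in the copy constructor has no upper bound, so any unit numbered at or above eCSSUnit_Percent is copied as mFloat; a refcounted unit later appended to nsCSSUnit would land there and miss its AddRef(). The enum is not visible in this hunk, so the ordering is inferred from the comparisons only. I would document the dependency on that branch, e.g. `// every unit >= eCSSUnit_Percent stores mFloat; add non-float units below it`. The final `else` now leaves mValue unset, and NS_NOTREACHED presumably does nothing outside debug builds, so a line there saying which unit ranges are expected to be unreachable would help too. operator== continues past the end of the hunk.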
--- a/layout/style/nsCSSValue.h
+++ b/layout/style/nsCSSValue.h
@@ -133,17 +133,17 @@ public:
 
   struct Image;
   friend struct Image;
   
   // for valueless units only (null, auto, inherit, none, normal)
   explicit nsCSSValue(nsCSSUnit aUnit = eCSSUnit_Null)
     : mUnit(aUnit)
   {
-    NS_ASSERTION(aUnit <= eCSSUnit_System_Font, "not a valueless unit");
+    NS_ASSERTION(aUnit <= eCSSUnit_Dummy, "not a valueless unit");
   }
 
   nsCSSValue(PRInt32 aValue, nsCSSUnit aUnit) NS_HIDDEN;
   nsCSSValue(float aValue, nsCSSUnit aUnit) NS_HIDDEN;
   nsCSSValue(const nsString& aValue, nsCSSUnit aUnit) NS_HIDDEN;
   explicit nsCSSValue(nscolor aValue) NS_HIDDEN;
   nsCSSValue(Array* aArray, nsCSSUnit aUnit) NS_HIDDEN;
   explicit nsCSSValue(URL* aValue) NS_HIDDEN;
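Review bot: The comment above this constructor still lists only null, auto, inherit, none and normal, while the assertion now accepts everything up to eCSSUnit_Dummy; the list should follow the bound, e.g. `// for valueless units only (all units <= eCSSUnit_Dummy)`. NS_ASSERTION is the only guard here, and it is presumably absent from non-debug builds, so a caller passing a pointer-carrying unit would get a value whose mValue is never set and whose copy would call AddRef() through it. That contract is worth stating in the comment as well. The class body starts and ends outside the hunk.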