Bug 1015563: Soften flexbox assertion that can fail from integer overflow. r=mats
authorDaniel Holbert <dholbert@cs.stanford.edu>
Mon, 02 Jun 2014 15:15:23 -0700
changeset 205442 6927b62f2fbaeb716d29a71982aa83aa8c0499bb
parent 205441 c99034436052ae4b0591c2f9822cf4240f7976a9
child 205443 a7cb611859922955b239281ac730ecf31b5db464
push id3741
push userasasaki@mozilla.com
push dateMon, 21 Jul 2014 20:25:18 +0000
treeherdermozilla-beta@4d6f46f5af68 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersmats
bugs1015563
milestone32.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1015563: Soften flexbox assertion that can fail from integer overflow. r=mats
layout/generic/crashtests/1015563-1.html
layout/generic/crashtests/1015563-2.html
layout/generic/crashtests/crashtests.list
layout/generic/nsFlexContainerFrame.cpp
new file mode 100644
--- /dev/null
+++ b/layout/generic/crashtests/1015563-1.html
@@ -0,0 +1,4 @@
+<!DOCTYPE html>
+<html style="display: inline-flex;">
+<body style="margin: -3642924795px; flex-grow: 1;"></body>
+</html>
new file mode 100644
--- /dev/null
+++ b/layout/generic/crashtests/1015563-2.html
@@ -0,0 +1,7 @@
+<!DOCTYPE html>
+<html>
+  <div style="display: flex">
+    <div style="margin: -3642924795px; flex-grow: 1;"></div>
+  </div>
+</body>
+</html>
--- a/layout/generic/crashtests/crashtests.list
+++ b/layout/generic/crashtests/crashtests.list
@@ -526,9 +526,11 @@ load 943509-1.html
 asserts(3-6) load 944909-1.html
 test-pref(layout.css.sticky.enabled,true) load 949932.html
 load 973701-1.xhtml
 load 973701-2.xhtml
 load 986899.html
 load 1001233.html
 load 1001258-1.html
 pref(layout.css.grid.enabled,true) load 1015562.html
+asserts(2) load 1015563-1.html
+asserts(2) load 1015563-2.html
 load outline-on-frameset.xhtml
--- a/layout/generic/nsFlexContainerFrame.cpp
+++ b/layout/generic/nsFlexContainerFrame.cpp
@@ -1754,22 +1754,26 @@ FlexLine::ResolveFlexibleLengths(nscoord
         item->SetMainSize(item->GetFlexBaseSize());
       }
       availableFreeSpace -= item->GetMainSize();
     }
 
     PR_LOG(GetFlexContainerLog(), PR_LOG_DEBUG,
            (" available free space = %d\n", availableFreeSpace));
 
-    MOZ_ASSERT((isUsingFlexGrow && availableFreeSpace >= 0) ||
-               (!isUsingFlexGrow && availableFreeSpace <= 0),
-               "The sign of our free space should never disagree with the "
-               "type of flexing (grow/shrink) that we're doing. Any potential "
-               "disagreement should've made us use the other type of flexing, "
-               "or should've been resolved in FreezeItemsEarly");
+
+    // The sign of our free space should agree with the type of flexing
+    // (grow/shrink) that we're doing (except if we've had integer overflow;
+    // then, all bets are off). Any disagreement should've made us use the
+    // other type of flexing, or should've been resolved in FreezeItemsEarly.
+    // XXXdholbert If & when bug 765861 is fixed, we should upgrade this
+    // assertion to be fatal except in documents with enormous lengths.
+    NS_ASSERTION((isUsingFlexGrow && availableFreeSpace >= 0) ||
+                 (!isUsingFlexGrow && availableFreeSpace <= 0),
+                 "availableFreeSpace's sign should match isUsingFlexGrow");
 
     // If we have any free space available, give each flexible item a portion
     // of availableFreeSpace.
     if (availableFreeSpace != 0) {
       // The first time we do this, we initialize origAvailableFreeSpace.
       if (!isOrigAvailFreeSpaceInitialized) {
         origAvailableFreeSpace = availableFreeSpace;
         isOrigAvailFreeSpaceInitialized = true;