Bug 525099: Bail out if GetZeroValueForUnit fails, in nsSMILCSSValueType. r=roc
authorDaniel Holbert <dholbert@cs.stanford.edu>
Thu, 29 Oct 2009 14:08:02 -0700
changeset 34285 a9d140540b4bc859c21ac943e45dc82393d6053c
parent 34284 3b932018ce6a0ee85d7e6b7ff9db23b558469967
child 34386 d588945739a81c1503c506a7c4916cfbda257c3f
push idunknown
push userunknown
push dateunknown
reviewersroc
bugs525099
milestone1.9.3a1pre
Bug 525099: Bail out if GetZeroValueForUnit fails, in nsSMILCSSValueType. r=roc
content/smil/crashtests/525099-1.svg
content/smil/crashtests/crashtests.list
content/smil/nsSMILCSSValueType.cpp
new file mode 100644
--- /dev/null
+++ b/content/smil/crashtests/525099-1.svg
@@ -0,0 +1,7 @@
+<?xml version="1.0"?>
+<svg xmlns="http://www.w3.org/2000/svg">
+  <rect x="20" y="20" height="50" width="50" fill="blue">
+    <animate attributeName="display" by="inline"
+             begin="0s" dur="1s"/>
+  </rect>
+</svg>
--- a/content/smil/crashtests/crashtests.list
+++ b/content/smil/crashtests/crashtests.list
@@ -1,1 +1,2 @@
 load 523188-1.svg
+load 525099-1.svg
--- a/content/smil/nsSMILCSSValueType.cpp
+++ b/content/smil/nsSMILCSSValueType.cpp
@@ -83,17 +83,16 @@ GetZeroValueForUnit(nsStyleAnimation::Un
       return &sZeroCoord;
     case nsStyleAnimation::eUnit_Percent:
       return &sZeroPercent;
     case nsStyleAnimation::eUnit_Float:
       return &sZeroFloat;
     case nsStyleAnimation::eUnit_Color:
       return &sZeroColor;
     default:
-      NS_NOTREACHED("Calling GetZeroValueForUnit with an unsupported unit");
       return nsnull;
   }
 }
 
 static void
 InvertSign(nsStyleAnimation::Value& aStyleCoord)
 {
   switch (aStyleCoord.GetUnit()) {
@@ -182,18 +181,23 @@ nsSMILCSSValueType::Add(nsSMILValue& aDe
 
   NS_ABORT_IF_FALSE(destWrapper && valueToAddWrapper,
                     "these pointers shouldn't be null");
 
   if (destWrapper->mPropID == eCSSProperty_UNKNOWN) {
     NS_ABORT_IF_FALSE(destWrapper->mCSSValue.IsNull(),
                       "If property ID is unset, then the unit should be, too");
     // We need to update destWrapper, since it's part of an outparam.
-    destWrapper->mCSSValue =
-      *GetZeroValueForUnit(valueToAddWrapper->mCSSValue.GetUnit());
+    const nsStyleAnimation::Value* zeroVal =
+      GetZeroValueForUnit(valueToAddWrapper->mCSSValue.GetUnit());
+    if (!zeroVal) {
+      // No zero value for this unit --> doesn't support addition.
+      return NS_ERROR_FAILURE;
+    }
+    destWrapper->mCSSValue = *zeroVal;
     destWrapper->mPropID = valueToAddWrapper->mPropID;
     destWrapper->mPresContext = valueToAddWrapper->mPresContext;
   }
   NS_ABORT_IF_FALSE(valueToAddWrapper->mPropID != eCSSProperty_UNKNOWN &&
                     !valueToAddWrapper->mCSSValue.IsNull(),
                     "Added amount should be a parsed value");
 
   // Special case: font-size-adjust is explicitly non-additive
@@ -219,16 +223,20 @@ nsSMILCSSValueType::ComputeDistance(cons
   NS_ABORT_IF_FALSE(fromWrapper && toWrapper,
                     "These pointers shouldn't be null");
 
   const nsStyleAnimation::Value* fromCSSValue;
   if (fromWrapper->mPropID == eCSSProperty_UNKNOWN) {
     NS_ABORT_IF_FALSE(fromWrapper->mCSSValue.IsNull(),
                       "If property ID is unset, then the unit should be, too");
     fromCSSValue = GetZeroValueForUnit(toWrapper->mCSSValue.GetUnit());
+    if (!fromCSSValue) {
+      // No zero value for this unit --> doesn't support distance-computation.
+      return NS_ERROR_FAILURE;
+    }
   } else {
     fromCSSValue = &fromWrapper->mCSSValue;
   }
   NS_ABORT_IF_FALSE(toWrapper->mPropID != eCSSProperty_UNKNOWN &&
                     !toWrapper->mCSSValue.IsNull(),
                     "ComputeDistance endpoint should be a parsed value");
 
   return nsStyleAnimation::ComputeDistance(*fromCSSValue, toWrapper->mCSSValue,
@@ -257,16 +265,20 @@ nsSMILCSSValueType::Interpolate(const ns
   NS_ABORT_IF_FALSE(startWrapper && endWrapper && resultWrapper,
                     "These pointers shouldn't be null");
 
   const nsStyleAnimation::Value* startCSSValue;
   if (startWrapper->mPropID == eCSSProperty_UNKNOWN) {
     NS_ABORT_IF_FALSE(startWrapper->mCSSValue.IsNull(),
                       "If property ID is unset, then the unit should be, too");
     startCSSValue = GetZeroValueForUnit(endWrapper->mCSSValue.GetUnit());
+    if (!startCSSValue) {
+      // No zero value for this unit --> doesn't support interpolation.
+      return NS_ERROR_FAILURE;
+    }
   } else {
     startCSSValue = &startWrapper->mCSSValue;
   }
   NS_ABORT_IF_FALSE(endWrapper->mPropID != eCSSProperty_UNKNOWN &&
                     !endWrapper->mCSSValue.IsNull(),
                     "Interpolate endpoint should be a parsed value");
 
   if (nsStyleAnimation::Interpolate(*startCSSValue,