###!!! ABORT: Failed to fix stop offsets: 'firstStop >= 0.0', file layout/base/nsCSSRendering.cpp, line 2251 This assertion was added long ago: changeset: 32e1ceb06e44 user: Robert O'Callahan, Ms2ger date: Mon Nov 02 11:36:43 2009 -0800 summary: Bug 513395: Implement revised CSS gradient notation (2/2): rendering Like bug 822877, this involves feeding "999999999999999999..." to the CSS parser.

This fatal assertion still occurs in a recent trunk build. The root cause seems to be that we set a style value to -inf here: #0 style::gecko_bindings::sugar::ns_style_coord::CoordDataMut::copy_from_unchecked (self=0x7fdd5d698208, other=0x7ffeeaaab470) at servo/components/style/gecko_bindings/sugar/ns_style_coord.rs:268 #1 style::gecko_bindings::sugar::ns_style_coord::CoordDataMut::move_from (self=0x7fdd5d698208, other=...) at servo/components/style/gecko_bindings/sugar/ns_style_coord.rs:258 #2 style::gecko::conversions::<impl style::gecko_bindings::structs::root::nsStyleImage>::set_gradient (self=0x7fdd60882748, gradient=...) at servo/components/style/gecko/conversions.rs:371 #3 style::gecko::conversions::<impl style::gecko_bindings::structs::root::nsStyleImage>::set (self=0x7fdd60882748, image=...) at servo/components/style/gecko/conversions.rs:146 #4 style::gecko_properties::<impl style::gecko_bindings::structs::root::mozilla::GeckoBackground>::set_background_image (self=0x7fdd60882718, images=...) at toolkit/library/x86_64-unknown-linux-gnu/debug/build/style-9e163e8232ca1349/out/gecko_properties.rs:15444 #5 style::properties::longhands::background_image::cascade_property (declaration=0x7fdd5d696fe0, context=0x7ffeeaaac710) at toolkit/library/x86_64-unknown-linux-gnu/debug/build/style-9e163e8232ca1349/out/properties.rs:434 #6 style::properties::apply_declarations (device=0x7fdd57bb4008, pseudo=..., rules=0x7ffeeaaade08, guards=0x7ffeeaaaff88, iter_declarations=..., parent_style=..., parent_style_ignoring_first_line=..., layout_parent_style=..., visited_style=..., font_metrics_provider=..., flags=..., quirks_mode=selectors::context::QuirksMode::NoQuirks, rule_cache=..., rule_cache_conditions=0x7ffeeaaae008, element=...) at toolkit/library/x86_64-unknown-linux-gnu/debug/build/style-9e163e8232ca1349/out/properties.rs:136916 #7 0x00007fdd6ddc7994 in style::properties::cascade then we're doing arithmetic on that in mozilla::nsCSSGradientRenderer::Paint which leads to firstStop being -nan: 812 MOZ_ASSERT(firstStop >= 0.0, "Failed to fix stop offsets"); (gdb) p firstStop $1 = -nan(0x8000000000000)

Perhaps we could fix this by clamping the style values to something reasonable in stylo?

That sounds reasonable to me. Cam, any strong opinion about where should we do this? Doing it in a common place (integer parsing, etc) may be nicer. Perhaps we could clamp all integers to 'reasonable values', whatever that means?

We should ensure that we don't store invalid values like this in style structs. In this case, it's the tokenizer generating a Token::Percentage { unit_value: -inf, .. }, and that's not really a valid token value from the point of view of the CSS Syntax spec. But maybe it's useful as a way to indicate that we parsed some overflowing value? Either way, we should probably ensure that the Rust specified and computed values only ever have valid values in them. That probably means checking things like the output of arithmetic when simplifying and computing calc() expressions. I don't know about choosing reasonable values -- that's probably dependent on the particular property. So maybe best just to generate FLT_MAX / -FLT_MAX in all cases when we've overflowed to inf / -inf. Alternatively we could just do it in the glue code, but then we'd need to make sure things like serialization and animation interpolation work properly in the presence of inf / -inf.

Pushed by dholbert@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/7ec9a244dfcd Add crashtest for this no-longer-reproducible bug. (no review, crashtest-only)