Bug 254697

Summary: Fix operator precedence in SizesCalcParser.cpp
Product: WebKit Reporter: Ahmad Saleem <ahmad.saleem792>
Component: CSSAssignee: Nobody <webkit-unassigned>
Status: NEW ---    
Severity: Normal CC: akeerthi, koivisto, rniwa, sgill26, simon.fraser, webkit-bug-importer, zalan
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   

Description Ahmad Saleem 2023-03-29 15:20:56 PDT 
Hi Team,

While going through Blink's commit, I came across another potential merge and it seems to compile and work.

Blink Commit - https://chromium.googlesource.com/chromium/src.git/+/e0bcd910832c55445bc6bb4156acd716e0667248

WebKit Source - https://searchfox.org/wubkat/source/Source/WebCore/css/parser/SizesCalcParser.cpp#65

Just wanted to raise to get confirmation, if this need to be fixed.

It compiles locally (without comments) from Line 72-91:

    bool incomingOperatorPriority;

    if (!operatorPriority(token.delimiter(), incomingOperatorPriority))
        return false;
    
    while (!stack.isEmpty()) {
        const auto& topOfStack = stack.last();
        if (topOfStack.type() != DelimiterToken)
            break;
        bool stackOperatorPriority;
        if (!operatorPriority(topOfStack.delimiter(), stackOperatorPriority))
            return false;
    if (incomingOperatorPriority && !stackOperatorPriority)
        break;
        appendOperator(topOfStack);
        stack.removeLast();
    }
    stack.append(token);
    return true;
}

________

Appreciate if someone can confirm, I am happy to run it via EWS to see, if it works.

Thanks!
Comment 1 Ahmad Saleem 2023-03-30 15:33:15 PDT 
The issue is reproducible based on testcase mentioned on Chrome Monorail bug - https://codepen.io/anon/pen/GyPymY?editors=1100

First box get stuck on Safari 16.4 but using local patched build, all three remain same.
Comment 2 Radar WebKit Bug Importer 2023-04-05 15:21:15 PDT 
<rdar://problem/107681323>