commit 1c3f943cbe963cb26bb6db98ecfa75dc08906883
parent e45ad81c34f3f4fb8eeebbc7483543d3791f92c3
Author: Emilio Cobos Álvarez <emilio@crisal.io>
Date: Fri, 21 Nov 2025 20:27:16 +0000
Bug 2001004 - Use an epsilon to sanitize zoom values. r=dholbert,layout-reviewers
Bug 1956116 made us ignore 0 values. Bug 1974099 made zoom a float which
expanded the range of close-to-zero zoom ranges we can get here.
The regressing bug switched from NSToCoordRound to ::ToAppUnits, which
additionally clamps nscoord values, hitting this assert.
Differential Revision: https://phabricator.services.mozilla.com/D273564
Diffstat:
2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/layout/base/nsPresContext.cpp b/layout/base/nsPresContext.cpp
@@ -1388,7 +1388,7 @@ void nsPresContext::SetFullZoom(float aZoom) {
// handle that edge case by just falling back to 1.0f here, so we can render
// something, and particularly so we don't do something invalid like trying
// to allocate a zero-sized or infinite-sized surface.)
- if (MOZ_UNLIKELY(!std::isfinite(aZoom) || aZoom <= 0.0f)) {
+ if (MOZ_UNLIKELY(!std::isfinite(aZoom) || aZoom < 1e-6f)) {
aZoom = 1.0f;
}
diff --git a/testing/web-platform/tests/css/css-viewport/zoom/tiny-zoom-iframe-crash.html b/testing/web-platform/tests/css/css-viewport/zoom/tiny-zoom-iframe-crash.html
@@ -0,0 +1,10 @@
+<style>
+* { zoom: 5% }
+</style>
+<script>
+document.addEventListener("DOMContentLoaded", () => {
+ b.appendChild(document.createElement("iframe"))
+})
+</script>
+<math>
+<ms id="b">1</ms>
