The browser crashes when it encounters extreme font-size values, such as font-size: 9999em. This issue occurs because the layout engine fails to handle excessively large font sizes, triggering a VERIFY failure in LayoutState.cpp:607.
This behavior breaks several WPTs and deviates from the handling observed in major browsers like Safari, Firefox, and Chrome. These browsers gracefully cap the font size at a maximum value, preventing crashes and continuing to render the content.
From my investigation, I couldn't find any specific instructions in the CSS spec for handling extreme values like font-size: 9999em, but all major browsers seem to adopt the approach of using the largest possible font size instead of crashing.
<!DOCTYPE html>
<style>
* {
font-size: 9999em;
}
</style>
one
VERIFICATION FAILED: !height.might_be_saturated() at /Users/pavel/Develop/ladybird/Userland/Libraries/LibWeb/Layout/LayoutState.cpp:607
0 liblagom-ak.0.0.0.dylib 0x000000010279f2f0 ak_verification_failed + 216
1 liblagom-web.0.0.0.dylib 0x00000001046c0724 Web::Layout::LayoutState::UsedValues::set_temporary_content_width(Web::CSSPixels) + 0
2 liblagom-web.0.0.0.dylib 0x000000010468b044 Web::Layout::BlockFormattingContext::layout_block_level_box(Web::Layout::Box const&, Web::Layout::BlockContainer const&, Web::CSSPixels&, Web::Layout::AvailableSpace const&) + 3016
3 liblagom-web.0.0.0.dylib 0x0000000104684c04 Web::Layout::BlockFormattingContext::layout_block_level_children(Web::Layout::BlockContainer const&, Web::Layout::AvailableSpace const&) + 200
4 liblagom-web.0.0.0.dylib 0x0000000104684434 Web::Layout::BlockFormattingContext::run(Web::Layout::AvailableSpace const&) + 116
5 liblagom-web.0.0.0.dylib 0x000000010468af34 Web::Layout::BlockFormattingContext::layout_block_level_box(Web::Layout::Box const&, Web::Layout::BlockContainer const&, Web::CSSPixels&, Web::Layout::AvailableSpace const&) + 2744
6 liblagom-web.0.0.0.dylib 0x0000000104684c04 Web::Layout::BlockFormattingContext::layout_block_level_children(Web::Layout::BlockContainer const&, Web::Layout::AvailableSpace const&) + 200
7 liblagom-web.0.0.0.dylib 0x0000000104459ca0 Web::DOM::Document::update_layout() + 488
8 liblagom-web.0.0.0.dylib 0x000000010454ef68 AK::Function<void ()>::CallableWrapper<Web::HTML::EventLoop::queue_task_to_update_the_rendering()::$_0>::call() + 868
9 liblagom-web.0.0.0.dylib 0x00000001042f7588 AK::Function<void (Web::CSS::CSSRule const&)>::operator()(Web::CSS::CSSRule const&) const + 76
10 liblagom-web.0.0.0.dylib 0x000000010454d898 Web::HTML::EventLoop::process() + 84
11 liblagom-web.0.0.0.dylib 0x00000001047432a0 AK::Function<void ()>::CallableWrapper<Web::Platform::TimerSerenity::TimerSerenity()::$_0>::call() + 88
12 liblagom-core.0.0.0.dylib 0x00000001023ad388 AK::Function<void ()>::operator()() const + 76
13 liblagom-core.0.0.0.dylib 0x00000001023b2450 Core::EventReceiver::dispatch_event(Core::Event&, Core::EventReceiver*) + 112
14 liblagom-core.0.0.0.dylib 0x00000001023c206c Core::ThreadEventQueue::process() + 452
15 liblagom-core.0.0.0.dylib 0x00000001023ac2ac Core::EventLoopImplementationUnix::exec() + 44
16 liblagom-core.0.0.0.dylib 0x00000001023aaafc Core::EventLoop::exec() + 72
17 WebContent 0x000000010200e648 serenity_main(Main::Arguments) + 3904
18 WebContent 0x00000001020a1544 main + 216
19 dyld 0x0000000181300274 start + 2840
Pay now to fund the work behind this issue.
Get updates on progress being made.
Maintainer is rewarded once the issue is completed.
You're funding impactful open source efforts
You want to contribute to this effort
You want to get funding like this too