Bug 105961

Summary: Fix overflow in LayoutUnit::ceil and floor for SATURATED_LAYOUT_ARITHMETIC
Product: WebKit
Reporter: Emil A Eklund <eae>
Component: Platform
Assignee: Emil A Eklund <eae>
Status: RESOLVED FIXED
Severity: Normal
CC: abarth, eric, inferno, leviw, webkit.review.bot
Priority: P2
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Bug Depends on:
Bug Blocks: 95053
Attachments:
Description         Size      Date                    Author          Flags
Patch               4.41 KB   2013-01-02 15:37 PST    Emil A Eklund   none
Patch               4.88 KB   2013-01-02 16:02 PST    Emil A Eklund   none
Patch               4.87 KB   2013-01-02 17:06 PST    Emil A Eklund   none
Patch for landing   4.94 KB   2013-01-03 13:05 PST    Emil A Eklund   none

Emil A Eklund
Reported 2013-01-02 15:31:56 PST
The LayoutUnit::ceil and floor methods overflow if given the intMaxForLayoutUnit and intMinForLayoutUnit values respectively.
Emil A Eklund
Comment 1 2013-01-02 15:37:11 PST
Emil A Eklund
Comment 2 2013-01-02 16:02:11 PST
Emil A Eklund
Comment 3 2013-01-02 17:06:48 PST
Emil A Eklund
Comment 4 2013-01-02 17:07:17 PST
Updated tests to also cover MAX - 1, MAX - 0.5, MIN + 1 and MIN + 0.5
Levi Weintraub
Comment 5 2013-01-03 12:54:45 PST
Comment on attachment 181112 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=181112&action=review

This seems fine to me. I'd be curious to see the perf results (which I suspect are negligible), but since this flag isn't enabled, I think it's enough to watch the overall impact of enabling it.

> Source/WebCore/ChangeLog:3
> + Fix overflow in LayoutUnit::ceil and flor for SATURATED_LAYOUT_ARITHMETIC

Typo: 'flor'

> Source/WebCore/platform/LayoutUnit.h:230
> + if (UNLIKELY(m_value <= INT_MIN + kEffectiveFixedPointDenominator - 1))
> + return intMinForLayoutUnit;

I'm not used to seeing UNLIKELY in WebCore code, but I imagine if I'm going to run into it, I'd expect it in platform/.

> Tools/ChangeLog:3
> + Fix overflow in LayoutUnit::ceil and flor for SATURATED_LAYOUT_ARITHMETIC

'flor'
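Review bot: the guard quoted from LayoutUnit.h:230 presents INT_MIN + kEffectiveFixedPointDenominator - 1 as a bare threshold; a one-line comment stating which intermediate expression it keeps inside the int32 range would spare the next reader rederiving it. The `<=` also sends the boundary value itself to intMinForLayoutUnit rather than through the normal path, so the comment should say whether that equality case is required or merely harmless. If the ceil() side, which the ChangeLog says is changed too, gets a symmetric guard, give it the same note.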
Emil A Eklund
Comment 6 2013-01-03 13:05:16 PST
Created attachment 181208 [details] Patch for landing
WebKit Review Bot
Comment 7 2013-01-03 13:52:26 PST
Comment on attachment 181208 [details]
Patch for landing

Clearing flags on attachment: 181208

Committed r138736: <http://trac.webkit.org/changeset/138736>
WebKit Review Bot
Comment 8 2013-01-03 13:52:29 PST
All reviewed patches have been landed. Closing bug.