Bug 126899

Summary: Subpixel layout: IntRect::infiniteRect() overflows when subpixel layout is enabled.
Product: WebKit
Reporter: zalan <zalan>
Component: Layout and Rendering
Assignee: zalan <zalan>
Status: RESOLVED FIXED
Severity: Normal
CC: commit-queue, sam, simon.fraser, thorton
Priority: P2
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Bug Depends on:
Bug Blocks: 126283
Attachments:
Patch (flags: none)

Description zalan 2014-01-13 07:37:48 PST
svg/custom/masking-clipping-hidpi.svg
Comment 1 zalan 2014-01-16 12:46:47 PST
Overflow caused by IntRect::infiniteRect() (static IntRect infiniteRect(-std::numeric_limits<int>::max() / 2, -std::numeric_limits<int>::max() / 2, std::numeric_limits<int>::max(), std::numeric_limits<int>::max());) causes unexpected clipping -> missing content.
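To make the overflow in Comment 1 concrete, here is an added stand-alone C++ model; it is not WebKit code. It assumes that with subpixel layout enabled a LayoutUnit is an int scaled by a fixed-point denominator of 64 and that LayoutUnit::max() is INT_MAX / 64; the names IntRect, fitsInLayoutUnits, scaleWrapping and containsAfterConversion are this example's own.

```cpp
#include <climits>
#include <cstdint>

// Constructed model of the bug, not WebKit code. Assumption: with subpixel
// layout enabled a LayoutUnit holds an int scaled by a fixed-point denominator
// of 64, so converting an int coordinate multiplies it by 64, and
// LayoutUnit::max() is INT_MAX / 64.
static const int kFixedPointDenominator = 64;
static const int kLayoutUnitMax = INT_MAX / kFixedPointDenominator; // stands in for LayoutUnit::max()

struct IntRect { int x, y, width, height; };

// The bounds before the patch (Comment 1) and after it (Comment 2).
IntRect oldInfiniteRect() { return { -INT_MAX / 2, -INT_MAX / 2, INT_MAX, INT_MAX }; }
IntRect newInfiniteRect() { return { -kLayoutUnitMax / 2, -kLayoutUnitMax / 2, kLayoutUnitMax, kLayoutUnitMax }; }

// True if every edge survives the int -> LayoutUnit scaling without leaving
// the int32 range (checked in 64-bit arithmetic so the check itself cannot overflow).
bool fitsInLayoutUnits(const IntRect& r)
{
    const long long edges[] = { r.x, r.y, r.width, r.height,
                                (long long)r.x + r.width, (long long)r.y + r.height };
    for (long long e : edges) {
        long long scaled = e * kFixedPointDenominator;
        if (scaled > INT_MAX || scaled < INT_MIN)
            return false;
    }
    return true;
}

// Scales like a plain int multiply that wraps on overflow (done through
// uint32_t, since signed overflow is undefined behaviour in C++).
static int32_t scaleWrapping(int v)
{
    return (int32_t)((uint32_t)v * (uint32_t)kFixedPointDenominator);
}

// Does the rect still contain the pixel (px, py) once converted to layout units?
// With the old bounds the width wraps negative, the rect becomes empty, and
// everything clipped against it disappears, which is the "missing content" symptom.
bool containsAfterConversion(const IntRect& r, int px, int py)
{
    long long x = scaleWrapping(r.x), y = scaleWrapping(r.y);
    long long maxX = x + scaleWrapping(r.width), maxY = y + scaleWrapping(r.height);
    long long lx = (long long)px * kFixedPointDenominator, ly = (long long)py * kFixedPointDenominator;
    return lx >= x && lx < maxX && ly >= y && ly < maxY;
}
```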
Comment 2 zalan 2014-01-16 13:04:56 PST
This should help

diff --git a/Source/WebCore/platform/graphics/IntRect.h b/Source/WebCore/platform/graphics/IntRect.h
index 0a6d4aa..130fd83 100644
--- a/Source/WebCore/platform/graphics/IntRect.h
+++ b/Source/WebCore/platform/graphics/IntRect.h
@@ -27,6 +27,7 @@
 #define IntRect_h
 
 #include "IntPoint.h"
+#include "LayoutUnit.h"
 #include <wtf/Vector.h>
 
 #if USE(CG)
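Review bot: The new #include "LayoutUnit.h" makes a platform/graphics header depend on a layout-level type solely so that infiniteRect() can size itself, which is the layering concern Comment 7 raises. If the dependency stays, a one-line comment at the include (or at the use site) saying that IntRect::infiniteRect() must remain convertible to layout-unit rects without overflowing would keep the next reader from treating it as an unused include and removing it.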
@@ -236,7 +237,8 @@ inline bool operator!=(const IntRect& a, const IntRect& b)
 
 inline IntRect IntRect::infiniteRect()
 {
-    static IntRect infiniteRect(-std::numeric_limits<int>::max() / 2, -std::numeric_limits<int>::max() / 2, std::numeric_limits<int>::max(), std::numeric_limits<int>::max());
+    static IntRect infiniteRect(-LayoutUnit::max() / 2, -LayoutUnit::max() / 2, LayoutUnit::max(), LayoutUnit::max());
     return infiniteRect;
 }
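Review bot: The replacement bounds need an explanatory comment beside them: nothing on the line says why an IntRect is sized by LayoutUnit::max() instead of std::numeric_limits<int>::max(), namely that the INT_MAX-based rect overflowed once converted to layout-unit coordinates under subpixel layout (bug summary and Comment 1), which is exactly the question Comment 7 asks. Something like "// Sized by LayoutUnit::max() so the rect survives conversion to layout-unit rects under subpixel layout without overflowing." would do. One smaller point: each argument is now a LayoutUnit expression (`-LayoutUnit::max() / 2`) passed to the IntRect constructor that previously took int arguments, so the line relies on an implicit LayoutUnit-to-int conversion; spelling that conversion out explicitly would make the intent obvious and avoid surprises if that conversion is ever made explicit.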
Comment 3 Tim Horton 2014-01-16 13:56:39 PST
Oh, yes, one of the other ports noticed that we should do this (I didn't want to, but eventually became resigned to it) but closed their bug in a different way so I forgot about it. r+ if you post a patch.
Comment 4 zalan 2014-01-18 10:17:29 PST
Created attachment 221555 [details]
Patch
Comment 5 WebKit Commit Bot 2014-01-18 13:20:08 PST
Comment on attachment 221555 [details]
Patch

Clearing flags on attachment: 221555

Committed r162273: <http://trac.webkit.org/changeset/162273>
Comment 6 WebKit Commit Bot 2014-01-18 13:20:10 PST
All reviewed patches have been landed.  Closing bug.
Comment 7 Sam Weinig 2014-01-19 10:51:36 PST
This doesn't sit right with me (why should something called infiniteRect() have anything to do with LayoutUnits?)  Can we at least add a comment explaining this weirdness?