Bug 133272

Summary: Subpixel layout: Legacy Element.offset* client* return values are invalid in certain cases.
Product: WebKit Reporter: zalan <zalan>
Component: Layout and RenderingAssignee: zalan <zalan>
Status: RESOLVED FIXED    
Severity: Normal CC: cmarcelo, commit-queue, esprehn+autocc, kangil.han, simon.fraser
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch none

zalan
Reported 2014-05-25 20:59:20 PDT
In some cases legacy values need to be floored, in other cases they need rounding.
Attachments
Patch (3.88 KB, patch)
2014-05-25 21:20 PDT, zalan 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
zalan
Comment 1 2014-05-25 21:20:03 PDT
Created attachment 232055 [details] Patch
WebKit Commit Bot
Comment 2 2014-05-26 09:08:46 PDT
Comment on attachment 232055 [details] Patch Clearing flags on attachment: 232055 Committed r169346: <http://trac.webkit.org/changeset/169346>
WebKit Commit Bot
Comment 3 2014-05-26 09:08:51 PDT
All reviewed patches have been landed. Closing bug.
Darin Adler
Comment 4 2014-05-26 09:24:33 PDT
Comment on attachment 232055 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=232055&action=review > Source/WebCore/dom/Element.cpp:674 > + return convertToNonSubpixelValueIfNeeded(adjustForLocalZoom(renderer->offsetLeft(), *renderer, zoomFactor), renderer->document(), zoomFactor == 1 ? Floor : Round); This relies on undefined behavior and can be a real problem in practice. There is no guarantee on the order of evaluation of arguments when calling a function. Setting zoomFactor as a side effect in one argument and looking at zoomFactor as part of the expression for another argument can give different results on different compilers. Please split the call to adjustForLocalZoom out into a separate expression. > Source/WebCore/dom/Element.cpp:684 > + return convertToNonSubpixelValueIfNeeded(adjustForLocalZoom(renderer->offsetTop(), *renderer, zoomFactor), renderer->document(), zoomFactor == 1 ? Floor : Round); Same problem here.
Note You need to log in before you can comment on or make changes to this bug.