| Summary: | Subpixel layout: Legacy Element.offset* client* return values are invalid in certain cases. | ||||||
|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | zalan <zalan> | ||||
| Component: | Layout and Rendering | Assignee: | zalan <zalan> | ||||
| Status: | RESOLVED FIXED | ||||||
| Severity: | Normal | CC: | cmarcelo, commit-queue, esprehn+autocc, kangil.han, simon.fraser | ||||
| Priority: | P2 | ||||||
| Version: | 528+ (Nightly build) | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Attachments: |
|
||||||
|
Description
zalan
2014-05-25 20:59:20 PDT
Created attachment 232055 [details]
Patch
Comment on attachment 232055 [details] Patch Clearing flags on attachment: 232055 Committed r169346: <http://trac.webkit.org/changeset/169346> All reviewed patches have been landed. Closing bug. Comment on attachment 232055 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=232055&action=review > Source/WebCore/dom/Element.cpp:674 > + return convertToNonSubpixelValueIfNeeded(adjustForLocalZoom(renderer->offsetLeft(), *renderer, zoomFactor), renderer->document(), zoomFactor == 1 ? Floor : Round); This relies on undefined behavior and can be a real problem in practice. There is no guarantee on the order of evaluation of arguments when calling a function. Setting zoomFactor as a side effect in one argument and looking at zoomFactor as part of the expression for another argument can give different results on different compilers. Please split the call to adjustForLocalZoom out into a separate expression. > Source/WebCore/dom/Element.cpp:684 > + return convertToNonSubpixelValueIfNeeded(adjustForLocalZoom(renderer->offsetTop(), *renderer, zoomFactor), renderer->document(), zoomFactor == 1 ? Floor : Round); Same problem here. |