| Summary: | Large values for line-height cause integer overflow in RenderStyle::computedLineHeight | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Bem Jones-Bey <bjonesbe> |
| Component: | Layout and Rendering | Assignee: | Bem Jones-Bey <bjonesbe> |
| Status: | RESOLVED FIXED | | |
| Severity: | Normal | CC: | commit-queue, esprehn+autocc, glenn, kondapallykalyan, rwlbuis |
| Priority: | P2 | | |
| Version: | 528+ (Nightly build) | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
Description
Bem Jones-Bey
2015-04-16 21:48:00 PDT
Created attachment 251003 [details]
Patch
Comment on attachment 251003 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=251003&action=review

Looks good.

> Source/WebCore/rendering/style/RenderStyle.cpp:1411
> + return clampTo<int>(lh.value());

I wonder if this does too much work compared to the Blink approach, since AFAIK the CSS Parser will not allow a negative value here.

(In reply to comment #2)
> Comment on attachment 251003 [details]
> Patch
>
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=251003&action=review
>
> Looks good.
>
> > Source/WebCore/rendering/style/RenderStyle.cpp:1411
> > + return clampTo<int>(lh.value());
>
> I wonder if this does too much work compared to the Blink approach, since
> AFAIK the CSS Parser will not allow a negative value here.

Unless we have proof that the extra check is a bottleneck, I feel like using clampTo is more readable and simpler than the alternative.

Comment on attachment 251003 [details]
Patch

Clearing flags on attachment: 251003

Committed r182974: <http://trac.webkit.org/changeset/182974>

All reviewed patches have been landed. Closing bug.
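The kind of saturating float-to-int conversion the thread discusses, as an added example that is not part of the bug report and is not WebKit's `clampTo` implementation. The names `saturatingToInt` and `naiveFloatBoundAccepts` are hypothetical, and mapping NaN to 0 is an assumption of this sketch.

```cpp
#include <cmath>
#include <cstdio>
#include <limits>

// Hypothetical helper (not WebKit's clampTo): saturating float -> int.
// static_cast<int> of a NaN or out-of-range float is undefined behaviour,
// so every range check has to happen before the cast.
int saturatingToInt(float value)
{
    constexpr int lo = std::numeric_limits<int>::min();
    constexpr int hi = std::numeric_limits<int>::max();
    if (std::isnan(value))
        return 0; // assumption of this example: map NaN to 0
    // Compare as double, where INT_MAX is exactly representable.
    const double v = value;
    if (v >= static_cast<double>(hi))
        return hi;
    if (v <= static_cast<double>(lo))
        return lo;
    return static_cast<int>(value);
}

// Pitfall: bounding in float. INT_MAX rounds up to 2^31 as a float, so this
// check accepts 2^31 and the cast that follows would still overflow.
bool naiveFloatBoundAccepts(float value)
{
    return value <= static_cast<float>(std::numeric_limits<int>::max());
}

int main()
{
    // Constructed inputs: ordinary value, huge values of both signs, 2^31, NaN.
    const float samples[] = { 16.5f, 1e10f, -1e10f, 2147483648.0f, std::nanf("") };
    for (float s : samples)
        std::printf("%g -> %d\n", s, saturatingToInt(s));
    std::printf("float bound accepts 2^31: %d\n", naiveFloatBoundAccepts(2147483648.0f));
    return 0;
}
```

Dropping the lower-bound check, as the review comment considers, is only sound while the parser invariant it relies on (no negative value reaches this point) continues to hold.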