Bug 161690

Summary: Fix handling of negative radius in HTMLAreaElement's coords when in circle state
Product: WebKit Reporter: Chris Dumez <cdumez>
Component: DOMAssignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED    
Severity: Normal CC: cdumez, commit-queue, dbates, esprehn+autocc, gyuyoung.kim
Priority: P2 Keywords: WebExposed
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch none

Chris Dumez
Reported 2016-09-07 09:01:23 PDT
Fix handling of negative radius in HTMLAreaElement's coords when in circle state: - https://html.spec.whatwg.org/#attr-area-shape-circle The radius must be non-negative as per the specification. However, our code fails to check. Firefox and Chrome both reject negative negative radius.
Attachments
Patch (3.91 KB, patch)
2016-09-07 09:02 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (3.90 KB, patch)
2016-09-07 13:07 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Chris Dumez
Comment 1 2016-09-07 09:02:49 PDT
Created attachment 288142 [details] Patch
Daniel Bates
Comment 2 2016-09-07 13:00:09 PDT
Comment on attachment 288142 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=288142&action=review > Source/WebCore/html/HTMLAreaElement.cpp:163 > + if (radius > 0) This should be >=
Daniel Bates
Comment 3 2016-09-07 13:00:32 PDT
Comment on attachment 288142 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=288142&action=review > Source/WebCore/ChangeLog:15 > + Firefox and Chrome both reject negative negative radius. "negative negative" => "negative"
Chris Dumez
Comment 4 2016-09-07 13:04:14 PDT
Comment on attachment 288142 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=288142&action=review >> Source/WebCore/html/HTMLAreaElement.cpp:163 >> + if (radius > 0) > > This should be >= Why? If radius is 0 then there is no circle and it would never hit test an element anyway. FYI, I have also checked that Blink is using > 0.
Daniel Bates
Comment 5 2016-09-07 13:04:58 PDT
Comment on attachment 288142 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=288142&action=review >> Source/WebCore/html/HTMLAreaElement.cpp:163 >> + if (radius > 0) > > This should be >= Using '>' is OK as-is.. I mean, it does not make sense to describe an ellipse with a 0 radius.
Chris Dumez
Comment 6 2016-09-07 13:07:10 PDT
Created attachment 288175 [details] Patch
Chris Dumez
Comment 7 2016-09-07 13:21:49 PDT
Comment on attachment 288175 [details] Patch Clearing flags on attachment: 288175 Committed r205565: <http://trac.webkit.org/changeset/205565>
Chris Dumez
Comment 8 2016-09-07 13:21:53 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.