Bug 230873

Summary: Incorrect Length constructor used after blending negative Length
Product: WebKit Reporter: Gabriel Nava Marino <gnavamarino>
Component: AnimationsAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: dino, fpizlo, graouts, graouts, simon.fraser, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch
none
Patch
none
Patch none

Gabriel Nava Marino
Reported 2021-09-27 18:25:37 PDT
In some scenarios, BuilderConverter::convertToRadiusLength can return a negative Length of LengthType::Fixed. This is later blended with a Length of LengthType::Calculated which results in the incorrect Length constructor being called.
Attachments
Patch (5.87 KB, patch)
2021-09-27 18:56 PDT, Gabriel Nava Marino 		no flags
DetailsFormatted DiffDiff
Patch (4.09 KB, patch)
2021-10-01 10:05 PDT, Gabriel Nava Marino 		no flags
DetailsFormatted DiffDiff
Patch (5.14 KB, patch)
2021-10-04 10:52 PDT, Gabriel Nava Marino 		no flags
DetailsFormatted DiffDiff
Patch (5.13 KB, patch)
2021-10-04 15:42 PDT, Gabriel Nava Marino 		no flags
DetailsFormatted DiffDiff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.
Gabriel Nava Marino
Comment 1 2021-09-27 18:56:59 PDT
Created attachment 439425 [details] Patch
Gabriel Nava Marino
Comment 2 2021-10-01 10:05:26 PDT
Created attachment 439870 [details] Patch
Gabriel Nava Marino
Comment 3 2021-10-01 10:07:06 PDT
Smaller scope patch that still addresses the issue.
Gabriel Nava Marino
Comment 4 2021-10-04 10:52:45 PDT
Created attachment 440076 [details] Patch
Antoine Quint
Comment 5 2021-10-04 14:21:40 PDT
Comment on attachment 440076 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=440076&action=review > Source/WebCore/platform/Length.cpp:344 > + LengthType type = from.isZero() ? to.type() : from.type(); You can use `auto` here. > Source/WebCore/style/StyleBuilderConverter.h:321 > + Length length = value.computeLength<Length>(conversionData); You can use `auto` here.
Gabriel Nava Marino
Comment 6 2021-10-04 15:42:15 PDT
Created attachment 440113 [details] Patch
Radar WebKit Bug Importer
Comment 7 2021-10-04 18:26:16 PDT
<rdar://problem/83865564>
EWS
Comment 8 2021-10-05 13:13:05 PDT
Committed r283568 (242533@main): <https://commits.webkit.org/242533@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 440113 [details].
Note You need to log in before you can comment on or make changes to this bug.