Bug 61606

Summary: Logic error in WebCore/Page/SpatialNavigation.cpp::areRectsPartiallyAligned
Product: WebKit Reporter: Ryan Sleevi <rsleevi>
Component: New BugsAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: hyatt, kling, tonikitoo, yael
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 50666    
Attachments:
Description Flags
patch kling: review+

Description Ryan Sleevi 2011-05-26 22:31:42 PDT 
This was reported downstream in Chromium by a user running a static analyzer against the Chromium sources. The original bug report is http://code.google.com/p/chromium/issues/detail?id=83873#c2 , with the specific bug split into http://code.google.com/p/chromium/issues/detail?id=84140

The original report is:
V501 There are identical sub-expressions '(bStart >= aStart && bStart <= aEnd)' to the left and to the right of the '||' operator. webcore_remaining spatialnavigation.cpp 236

// This method checks if |start| and |dest| have a partial intersection, either
// horizontally or vertically.
// * a = Current focused node's rect.
// * b = Focus candidate node's rect.
static bool areRectsPartiallyAligned(FocusDirection direction, const IntRect& a, const IntRect& b)
{
    int aStart  = start(direction, a);
    int bStart  = start(direction, b);
    int bMiddle = middle(direction, b);
    int aEnd = end(direction, a);
    int bEnd = end(direction, b);

    // Picture of the partially aligned logic:
    //
    //    Horizontal       Vertical
    // ********************************
    // *  _            *   _ _ _      *
    // * |_|           *  |_|_|_|     *
    // * |_|.... _     *      . .     *
    // * |_|    |_|    *      . .     *
    // * |_|....|_|    *      ._._ _  *
    // *        |_|    *      |_|_|_| *
    // *        |_|    *              *
    // *               *              *
    // ********************************
    //
    // ... and variants of the above cases.
    return ((bStart >= aStart && bStart <= aEnd)
            || (bStart >= aStart && bStart <= aEnd)
            || (bEnd >= aStart && bEnd <= aEnd)
            || (bMiddle >= aStart && bMiddle <= aEnd)
            || (bEnd >= aStart && bEnd <= aEnd));
}
Comment 1 Antonio Gomes 2011-05-26 22:54:42 PDT 
Nice tool! I can fix it, it you are not going to ...
Comment 2 Ryan Sleevi 2011-05-26 22:55:52 PDT 
Yes, please do. Sorry, I'm not familiar enough with this code to see the obvious fix.
Comment 3 Antonio Gomes 2011-05-26 23:30:16 PDT 
Created attachment 95122 [details]
patch
Comment 4 Andreas Kling 2011-05-29 10:32:51 PDT 
Landed in <http://trac.webkit.org/changeset/87616>.