Summary: | CSSValuePool: Make numeric value caches fixed-size arrays. | |
---|---|---|---
Product: | WebKit | Reporter: | Andreas Kling <kling>
Component: | CSS | Assignee: | Andreas Kling <kling>
Status: | RESOLVED FIXED | |
Severity: | Normal | CC: | macpherson, menard, webkit.review.bot
Priority: | P2 | |
Version: | 528+ (Nightly build) | |
Hardware: | Unspecified | |
OS: | Unspecified | |
Description
Andreas Kling
2012-04-18 12:57:33 PDT
Created attachment 137745 [details]
Patch
Comment on attachment 137745 [details]
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=137745&action=review
> Source/WebCore/css/CSSValuePool.cpp:87 > + if (value < 0 || value > maximumCacheableIntegerValue)
Shouldn't this be >= max?
Comment on attachment 137745 [details]
Patch
Farts. It appears you're running off the end of your array by allowing 256.
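Review bot: the upper bound in the quoted CSSValuePool.cpp:87 check is off by one. `value > maximumCacheableIntegerValue` lets `value == maximumCacheableIntegerValue` through to the cache lookup, and if the caches hold `maximumCacheableIntegerValue` elements (as the CSSValuePool.h declarations quoted later in this bug do), that index is one past the end of the array. Reject it with `value >= maximumCacheableIntegerValue`, or size the arrays `maximumCacheableIntegerValue + 1`, and consider a debug assertion on the index at the array access so a later change to either side fails loudly.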
Created attachment 137749 [details]
Patch with less derp
Comment on attachment 137749 [details]
Patch with less derp
View in context: https://bugs.webkit.org/attachment.cgi?id=137749&action=review
> Source/WebCore/css/CSSValuePool.h:73 > + static const int maximumCacheableIntegerValue = 256; > + > + RefPtr<CSSPrimitiveValue> m_pixelValueCache[maximumCacheableIntegerValue]; > + RefPtr<CSSPrimitiveValue> m_percentValueCache[maximumCacheableIntegerValue]; > + RefPtr<CSSPrimitiveValue> m_numberValueCache[maximumCacheableIntegerValue];
Naming is off. Your maximumCacheableIntegerValue is not actually cacheable.
Created attachment 137758 [details]
Patch :'(
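Review bot: in the CSSValuePool.h:73 lines quoted in the review of attachment 137749, `maximumCacheableIntegerValue = 256` is used as the element count of the three cache arrays, so the largest valid index is 255 and the name overstates the range by one. Either rename the constant to describe a count, or set it to 255 and declare the arrays with `maximumCacheableIntegerValue + 1` elements; whichever is chosen, the bounds check in CSSValuePool.cpp has to use the matching comparison (`>=` for a count, `>` for an inclusive maximum).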
Comment on attachment 137758 [details]
Patch :'(
r=me
Committed r114558: <http://trac.webkit.org/changeset/114558>