Bug 95776

Summary: REGRESSION(r120832): RenderLayer::clampScrollOffset doesn't properly clamp
Product: WebKit Reporter: Julien Chaffraix <jchaffraix>
Component: Layout and RenderingAssignee: Julien Chaffraix <jchaffraix>
Status: RESOLVED FIXED    
Severity: Normal CC: eric, simon.fraser, webkit.review.bot
Priority: P2 Keywords: Regression
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Attachments:
Description Flags
Manual test case
none
Proposed fix: Apply the max last to ensure positive offsets. none

Description Julien Chaffraix 2012-09-04 13:24:58 PDT 
Created attachment 162092 [details]
Manual test case

When refactoring the clamping logic into clampScrollOffset as part of r120832, the different clipping logics were consolidated into the new function. Unfortunately the old code would wrongly clamp the values:

int x = min(max(scrollOffset.width(), 0), maxX);
int y = min(max(scrollOffset.height(), 0), maxY);

Note that because we apply the min last, we cannot guarantee that x and y are positive as nothing prevents maxX / maxY from being negative.

r120832 exposed the bug to RenderLayer::scrollRectToVisible which was doing the proper clamping.
Comment 1 Julien Chaffraix 2012-09-04 13:47:44 PDT 
Created attachment 162097 [details]
Proposed fix: Apply the max last to ensure positive offsets.
Comment 2 WebKit Review Bot 2012-09-04 16:38:37 PDT 
Comment on attachment 162097 [details]
Proposed fix: Apply the max last to ensure positive offsets.

Clearing flags on attachment: 162097

Committed r127520: <http://trac.webkit.org/changeset/127520>
Comment 3 WebKit Review Bot 2012-09-04 16:38:40 PDT 
All reviewed patches have been landed.  Closing bug.