Bug 105961 - Fix overflow in LayoutUnit::ceil and floor for SATURATED_LAYOUT_ARITHMETIC
Summary: Fix overflow in LayoutUnit::ceil and floor for SATURATED_LAYOUT_ARITHMETIC
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Platform
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Emil A Eklund
URL:
Keywords:
Depends on:
Blocks: 95053
Reported: 2013-01-02 15:31 PST by Emil A Eklund
Modified: 2013-01-03 13:52 PST

See Also:


Attachments
Patch (4.41 KB, patch)
2013-01-02 15:37 PST, Emil A Eklund
no flags
Patch (4.88 KB, patch)
2013-01-02 16:02 PST, Emil A Eklund
no flags
Patch (4.87 KB, patch)
2013-01-02 17:06 PST, Emil A Eklund
no flags
Patch for landing (4.94 KB, patch)
2013-01-03 13:05 PST, Emil A Eklund
no flags

Description Emil A Eklund 2013-01-02 15:31:56 PST
The LayoutUnit::ceil and floor methods overflow if given the intMaxForLayoutUnit and intMinForLayoutUnit values respectively.
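An added example, not code from WebKit's LayoutUnit.h, showing the overflow the description refers to and the saturating guards that fix it. It models LayoutUnit as a 32-bit fixed-point value; the denominator of 60 is an assumption (the bug does not state WebKit's value), and intMaxForLayoutUnit / intMinForLayoutUnit are defined here as INT_MAX and INT_MIN divided by that denominator. The unguarded "+ (denominator - 1)" in ceil and "- (denominator - 1)" in floor are evaluated in 64 bits so the out-of-range intermediate can be observed rather than invoking undefined behaviour, and the guarded versions are cross-checked against a 64-bit reference at the boundary values named in this bug (MAX, MAX - 1, MAX - 0.5, MIN, MIN + 1, MIN + 0.5) plus the raw INT_MAX / INT_MIN extremes that saturated arithmetic can produce.

```cpp
#include <climits>
#include <cstdint>

// Added example, not WebKit's LayoutUnit.h: a minimal fixed-point type
// modelled on LayoutUnit under SATURATED_LAYOUT_ARITHMETIC. The denominator
// of 60 is an assumption; the bug does not state WebKit's value.
namespace example {

const int kEffectiveFixedPointDenominator = 60;
const int intMaxForLayoutUnit = INT_MAX / kEffectiveFixedPointDenominator;
const int intMinForLayoutUnit = INT_MIN / kEffectiveFixedPointDenominator;

class LayoutUnit {
public:
    static LayoutUnit fromRaw(int raw) { LayoutUnit u; u.m_value = raw; return u; }
    // Whole pixels plus a fraction in 1/60 px; saturates like the real type.
    static LayoutUnit fromPixels(int px, int fraction) {
        int64_t raw = static_cast<int64_t>(px) * kEffectiveFixedPointDenominator + fraction;
        if (raw > INT_MAX) raw = INT_MAX;
        if (raw < INT_MIN) raw = INT_MIN;
        return fromRaw(static_cast<int>(raw));
    }
    int rawValue() const { return m_value; }
    int toInt() const { return m_value / kEffectiveFixedPointDenominator; }

    // Fixed ceil: clamp before "+ (denominator - 1)" could exceed INT_MAX.
    int ceil() const {
        if (m_value >= INT_MAX - kEffectiveFixedPointDenominator + 1)
            return intMaxForLayoutUnit;
        if (m_value >= 0)
            return (m_value + kEffectiveFixedPointDenominator - 1) / kEffectiveFixedPointDenominator;
        return toInt();
    }
    // Fixed floor: clamp before "- (denominator - 1)" could go below INT_MIN.
    int floor() const {
        if (m_value <= INT_MIN + kEffectiveFixedPointDenominator - 1)
            return intMinForLayoutUnit;
        if (m_value >= 0)
            return toInt();
        return (m_value - kEffectiveFixedPointDenominator + 1) / kEffectiveFixedPointDenominator;
    }
private:
    int m_value;
};

// The unguarded arithmetic, evaluated in 64 bits so the out-of-range
// intermediate is observable instead of being undefined behaviour in int.
inline bool unguardedCeilOverflows(int raw) {
    return raw >= 0 && static_cast<int64_t>(raw) + (kEffectiveFixedPointDenominator - 1) > INT_MAX;
}
inline bool unguardedFloorOverflows(int raw) {
    return raw < 0 && static_cast<int64_t>(raw) - (kEffectiveFixedPointDenominator - 1) < INT_MIN;
}

// Reference results computed in 64 bits and clamped to the int range.
inline int referenceCeil(int raw) {
    int64_t v = raw;
    int64_t r = v >= 0 ? (v + kEffectiveFixedPointDenominator - 1) / kEffectiveFixedPointDenominator
                       : v / kEffectiveFixedPointDenominator;
    if (r > intMaxForLayoutUnit) r = intMaxForLayoutUnit;
    return static_cast<int>(r);
}
inline int referenceFloor(int raw) {
    int64_t v = raw;
    int64_t r = v >= 0 ? v / kEffectiveFixedPointDenominator
                       : (v - kEffectiveFixedPointDenominator + 1) / kEffectiveFixedPointDenominator;
    if (r < intMinForLayoutUnit) r = intMinForLayoutUnit;
    return static_cast<int>(r);
}

// Boundary cases from the bug (MAX, MAX - 1, MAX - 0.5, MIN, MIN + 1,
// MIN + 0.5) plus the raw extremes a saturated add can leave in m_value.
inline bool boundaryCasesHold() {
    const int half = kEffectiveFixedPointDenominator / 2;
    const LayoutUnit cases[] = {
        LayoutUnit::fromPixels(intMaxForLayoutUnit, 0),
        LayoutUnit::fromPixels(intMaxForLayoutUnit - 1, 0),
        LayoutUnit::fromPixels(intMaxForLayoutUnit - 1, half),   // MAX - 0.5
        LayoutUnit::fromPixels(intMinForLayoutUnit, 0),
        LayoutUnit::fromPixels(intMinForLayoutUnit + 1, 0),
        LayoutUnit::fromPixels(intMinForLayoutUnit + 1, -half),  // MIN + 0.5
        LayoutUnit::fromRaw(INT_MAX),
        LayoutUnit::fromRaw(INT_MIN),
    };
    for (const LayoutUnit& u : cases) {
        if (u.ceil() != referenceCeil(u.rawValue())) return false;
        if (u.floor() != referenceFloor(u.rawValue())) return false;
        if (u.ceil() > intMaxForLayoutUnit || u.floor() < intMinForLayoutUnit) return false;
    }
    return true;
}

} // namespace example

int main() {
    using namespace example;
    bool ok = boundaryCasesHold()
        && unguardedCeilOverflows(intMaxForLayoutUnit * kEffectiveFixedPointDenominator)
        && unguardedFloorOverflows(intMinForLayoutUnit * kEffectiveFixedPointDenominator);
    return ok ? 0 : 1;
}
```

The guard bounds are exact rather than merely conservative: every raw value at or above INT_MAX - (denominator - 1) rounds up to intMaxForLayoutUnit, and every raw value at or below INT_MIN + (denominator - 1) rounds down to intMinForLayoutUnit, so returning the clamped constant early gives the same result the 64-bit reference would.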
Comment 1 Emil A Eklund 2013-01-02 15:37:11 PST
Created attachment 181086 [details]
Patch
Comment 2 Emil A Eklund 2013-01-02 16:02:11 PST
Created attachment 181095 [details]
Patch
Comment 3 Emil A Eklund 2013-01-02 17:06:48 PST
Created attachment 181112 [details]
Patch
Comment 4 Emil A Eklund 2013-01-02 17:07:17 PST
Updated tests to also cover MAX - 1, MAX - 0.5, MIN + 1 and MIN + 0.5
Comment 5 Levi Weintraub 2013-01-03 12:54:45 PST
Comment on attachment 181112 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=181112&action=review

This seems fine to me. I'd be curious to see the perf results (which I suspect are negligible), but since this flag isn't enabled, I think it's enough to watch the overall impact of enabling it.

> Source/WebCore/ChangeLog:3
> +        Fix overflow in LayoutUnit::ceil and flor for SATURATED_LAYOUT_ARITHMETIC

Typo: 'flor'

> Source/WebCore/platform/LayoutUnit.h:230
> +        if (UNLIKELY(m_value <= INT_MIN + kEffectiveFixedPointDenominator - 1))
> +            return intMinForLayoutUnit;
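Review bot: the bound `INT_MIN + kEffectiveFixedPointDenominator - 1` reads as a magic expression and deserves a one-line comment saying which operation it protects, e.g. `// m_value - (kEffectiveFixedPointDenominator - 1) would underflow INT_MIN`. Note also that `<=` includes the exact case `m_value == INT_MIN + kEffectiveFixedPointDenominator - 1`, where that subtraction lands on INT_MIN without overflowing; since INT_MIN divided by the denominator is intMinForLayoutUnit, the early return gives the same value, so the inclusive bound is harmless but worth stating in the comment.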

I'm not used to seeing UNLIKELY in WebCore code, but I imagine if I'm going to run into it, I'd expect it in platform/.

> Tools/ChangeLog:3
> +        Fix overflow in LayoutUnit::ceil and flor for SATURATED_LAYOUT_ARITHMETIC

'flor'
Comment 6 Emil A Eklund 2013-01-03 13:05:16 PST
Created attachment 181208 [details]
Patch for landing
Comment 7 WebKit Review Bot 2013-01-03 13:52:26 PST
Comment on attachment 181208 [details]
Patch for landing

Clearing flags on attachment: 181208

Committed r138736: <http://trac.webkit.org/changeset/138736>
Comment 8 WebKit Review Bot 2013-01-03 13:52:29 PST
All reviewed patches have been landed.  Closing bug.