RESOLVED FIXED 105961
Fix overflow in LayoutUnit::ceil and floor for SATURATED_LAYOUT_ARITHMETIC 
https://bugs.webkit.org/show_bug.cgi?id=105961
Summary Fix overflow in LayoutUnit::ceil and floor for SATURATED_LAYOUT_ARITHMETIC
Emil A Eklund
Reported 2013-01-02 15:31:56 PST
The LayoutUnit::ceil and floor methods overflows if given the intMaxForLayoutUnit and intMinForLayoutUnit values respectively.
Attachments
Patch (4.41 KB, patch)
2013-01-02 15:37 PST, Emil A Eklund 		no flags
DetailsFormatted DiffDiff
Patch (4.88 KB, patch)
2013-01-02 16:02 PST, Emil A Eklund 		no flags
DetailsFormatted DiffDiff
Patch (4.87 KB, patch)
2013-01-02 17:06 PST, Emil A Eklund 		no flags
DetailsFormatted DiffDiff
Patch for landing (4.94 KB, patch)
2013-01-03 13:05 PST, Emil A Eklund 		no flags
DetailsFormatted DiffDiff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.
Emil A Eklund
Comment 1 2013-01-02 15:37:11 PST
Created attachment 181086 [details] Patch
Emil A Eklund
Comment 2 2013-01-02 16:02:11 PST
Created attachment 181095 [details] Patch
Emil A Eklund
Comment 3 2013-01-02 17:06:48 PST
Created attachment 181112 [details] Patch
Emil A Eklund
Comment 4 2013-01-02 17:07:17 PST
Updated tests to also cover MAX - 1, MAX - 0.5, MIN + 1 and MIN + 0.5
Levi Weintraub
Comment 5 2013-01-03 12:54:45 PST
Comment on attachment 181112 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=181112&action=review This seems fine to me. I'd be curious to see the perf results (which I suspect are negligible), but since this flag isn't enabled, I think it's enough to watch the overall impact of enabling it. > Source/WebCore/ChangeLog:3 > + Fix overflow in LayoutUnit::ceil and flor for SATURATED_LAYOUT_ARITHMETIC Typo: 'flor' > Source/WebCore/platform/LayoutUnit.h:230 > + if (UNLIKELY(m_value <= INT_MIN + kEffectiveFixedPointDenominator - 1)) > + return intMinForLayoutUnit; I'm not used to seeing UNLIKELY in WebCore code, but I imagine if I'm going to run into it, I'd expect it in platform/. > Tools/ChangeLog:3 > + Fix overflow in LayoutUnit::ceil and flor for SATURATED_LAYOUT_ARITHMETIC 'flor'
Emil A Eklund
Comment 6 2013-01-03 13:05:16 PST
Created attachment 181208 [details] Patch for landing
WebKit Review Bot
Comment 7 2013-01-03 13:52:26 PST
Comment on attachment 181208 [details] Patch for landing Clearing flags on attachment: 181208 Committed r138736: <http://trac.webkit.org/changeset/138736>
WebKit Review Bot
Comment 8 2013-01-03 13:52:29 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.