151906 – Garbage in page tiles when document is too long.

Bug 151906 - Garbage in page tiles when document is too long.

Summary: Garbage in page tiles when document is too long.

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	Layout and Rendering (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	zalan

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2015-12-04 20:50 PST by zalan
Modified:	2015-12-08 16:37 PST (History)
CC List:	6 users (show)

See Also:

Attachments
Patch (9.68 KB, patch) 2015-12-04 21:16 PST, zalan	no flags	Details \| Formatted Diff \| Diff
Patch (9.72 KB, patch) 2015-12-04 21:28 PST, zalan	no flags	Details \| Formatted Diff \| Diff
Patch (9.75 KB, patch) 2015-12-04 21:44 PST, zalan	no flags	Details \| Formatted Diff \| Diff
Show Obsolete (2) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description zalan 2015-12-04 20:50:49 PST

When document is longer than 16777421px 
<body style="height: 16777421px;">foobar</body>

Comment 1 zalan 2015-12-04 20:51:07 PST

rdar://problem/23695858

Comment 2 zalan 2015-12-04 21:16:08 PST

Created attachment 266704 [details]
Patch

Comment 3 Simon Fraser (smfr) 2015-12-04 21:18:38 PST

Comment on attachment 266704 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=266704&action=review

> Source/WebCore/rendering/ClipRect.h:81
> +    if (isInfinite())
> +        m_rect = other;
> +    else
> +        m_rect.intersect(other);

What if 'other' is infinite?

> Source/WebCore/rendering/ClipRect.h:96
> +    if (isInfinite())
> +        return true;
> +    return m_rect.intersects(rect);
> +}

What if 'rect' is infinite?

Comment 4 zalan 2015-12-04 21:28:46 PST

Created attachment 266705 [details]
Patch

Comment 5 Simon Fraser (smfr) 2015-12-04 21:30:03 PST

Comment on attachment 266705 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=266705&action=review

> Source/WebCore/rendering/ClipRect.h:79
> +    if (isInfinite() || other.isInfinite())
> +        m_rect = other;

If this is infinite, but other is not, you're overwriting an infinite rect with a non-infinite one.

Comment 6 zalan 2015-12-04 21:44:41 PST

Created attachment 266707 [details]
Patch

Comment 7 WebKit Commit Bot 2015-12-04 23:11:33 PST

Comment on attachment 266707 [details]
Patch

Clearing flags on attachment: 266707

Committed r193511: <http://trac.webkit.org/changeset/193511>

Comment 8 WebKit Commit Bot 2015-12-04 23:11:36 PST

All reviewed patches have been landed.  Closing bug.

Comment 9 Ryan Haddad 2015-12-08 16:37:53 PST

Rebaseline fast/block/float/overhanging-tall-block.html for win in <https://trac.webkit.org/r193796>