Bug 161690 - Fix handling of negative radius in HTMLAreaElement's coords when in circle state
Summary: Fix handling of negative radius in HTMLAreaElement's coords when in circle state
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: DOM (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Chris Dumez
URL:
Keywords: WebExposed
Depends on:
Blocks:
 
Reported: 2016-09-07 09:01 PDT by Chris Dumez
Modified: 2016-09-07 13:21 PDT (History)
5 users (show)

See Also:

Attachments
Patch (3.91 KB, patch)
2016-09-07 09:02 PDT, Chris Dumez 		no flags Details | Formatted Diff | Diff
Patch (3.90 KB, patch)
2016-09-07 13:07 PDT, Chris Dumez 		no flags Details | Formatted Diff | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Chris Dumez 2016-09-07 09:01:23 PDT 
Fix handling of negative radius in HTMLAreaElement's coords when in circle state:
- https://html.spec.whatwg.org/#attr-area-shape-circle

The radius must be non-negative as per the specification. However, our code fails to check.

Firefox and Chrome both reject negative negative radius.
Comment 1 Chris Dumez 2016-09-07 09:02:49 PDT 
Created attachment 288142 [details]
Patch
Comment 2 Daniel Bates 2016-09-07 13:00:09 PDT 
Comment on attachment 288142 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=288142&action=review

> Source/WebCore/html/HTMLAreaElement.cpp:163
> +                if (radius > 0)

This should be >=
Comment 3 Daniel Bates 2016-09-07 13:00:32 PDT 
Comment on attachment 288142 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=288142&action=review

> Source/WebCore/ChangeLog:15
> +        Firefox and Chrome both reject negative negative radius.

"negative negative" => "negative"
Comment 4 Chris Dumez 2016-09-07 13:04:14 PDT 
Comment on attachment 288142 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=288142&action=review

>> Source/WebCore/html/HTMLAreaElement.cpp:163
>> +                if (radius > 0)
> 
> This should be >=

Why? If radius is 0 then there is no circle and it would never hit test an element anyway.
FYI, I have also checked that Blink is using > 0.
Comment 5 Daniel Bates 2016-09-07 13:04:58 PDT 
Comment on attachment 288142 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=288142&action=review

>> Source/WebCore/html/HTMLAreaElement.cpp:163
>> +                if (radius > 0)
> 
> This should be >=

Using '>' is OK as-is.. I mean, it does not make sense to describe an ellipse with a 0 radius.
Comment 6 Chris Dumez 2016-09-07 13:07:10 PDT 
Created attachment 288175 [details]
Patch
Comment 7 Chris Dumez 2016-09-07 13:21:49 PDT 
Comment on attachment 288175 [details]
Patch

Clearing flags on attachment: 288175

Committed r205565: <http://trac.webkit.org/changeset/205565>
Comment 8 Chris Dumez 2016-09-07 13:21:53 PDT 
All reviewed patches have been landed.  Closing bug.