[webkit-changes] [172791] branches/safari-600.1-branch/Source/WebCore

Tue, 19 Aug 2014 17:22:50 -0700

Title: [172791] branches/safari-600.1-branch/Source/WebCore
Revision
172791
Author
dburk...@apple.com
Date
2014-08-19 17:22:27 -0700 (Tue, 19 Aug 2014)

Log Message

Merge r172317. <rdar://problem/18052514>


Modified Paths

Diff

Modified: branches/safari-600.1-branch/Source/WebCore/ChangeLog (172790 => 172791)


--- branches/safari-600.1-branch/Source/WebCore/ChangeLog	2014-08-19 23:55:36 UTC (rev 172790)
+++ branches/safari-600.1-branch/Source/WebCore/ChangeLog	2014-08-20 00:22:27 UTC (rev 172791)
@@ -1,5 +1,39 @@
 2014-08-19  Dana Burkart  <dburk...@apple.com>
 
+        Merge r172317. <rdar://problem/18052514>
+
+    2014-08-07  Simon Fraser  <simon.fra...@apple.com>
+    
+            HTML <sub> and <sup> elements do not work in some 64-bit builds
+            https://bugs.webkit.org/show_bug.cgi?id=135736
+    
+            Reviewed by Tim Horton.
+            
+            RootInlineBox::verticalPositionForBox() had some implicit conversions between
+            LayoutUnit and int that caused overflow, and resulted in different comparison
+            behavior with an int constant in different architectures, since overflow behavior
+            is undefined.
+            
+            Specifically, VerticalPositionCache was written in terms of ints with a special
+            0x80000000 "not found" value. However, 0x80000000 was being assigned to
+            a LayoutUnit, which multiplies by 64 causing overflow. The result was then
+            compared again with 0x80000000 which could pass or fail depending on overflow
+            behavior.
+            
+            Fix by converting VerticalPositionCache to use LayoutUnits, and to have a bool
+            return value with a result out param, instead of a special return value.
+    
+            Not easily testable, since the difference does not show in DRT output,
+            and a ref test would be flakey.
+    
+            * rendering/RootInlineBox.cpp:
+            (WebCore::RootInlineBox::ascentAndDescentForBox):
+            * rendering/VerticalPositionCache.h:
+            (WebCore::VerticalPositionCache::get):
+            (WebCore::VerticalPositionCache::set):
+    
+2014-08-19  Dana Burkart  <dburk...@apple.com>
+
         Merge r172720. <rdar://problem/17767169>
 
     2014-08-18  Brent Fulgham  <bfulg...@apple.com>

Modified: branches/safari-600.1-branch/Source/WebCore/rendering/RootInlineBox.cpp (172790 => 172791)


--- branches/safari-600.1-branch/Source/WebCore/rendering/RootInlineBox.cpp	2014-08-19 23:55:36 UTC (rev 172790)
+++ branches/safari-600.1-branch/Source/WebCore/rendering/RootInlineBox.cpp	2014-08-20 00:22:27 UTC (rev 172791)
@@ -934,9 +934,9 @@
     // Check the cache.
     bool isRenderInline = renderer->isRenderInline();
     if (isRenderInline && !firstLine) {
-        LayoutUnit verticalPosition = verticalPositionCache.get(renderer, baselineType());
-        if (verticalPosition != PositionUndefined)
-            return verticalPosition;
+        LayoutUnit cachedPosition;
+        if (verticalPositionCache.get(renderer, baselineType(), cachedPosition))
+            return cachedPosition;
     }
 
     LayoutUnit verticalPosition = 0;

Modified: branches/safari-600.1-branch/Source/WebCore/rendering/VerticalPositionCache.h (172790 => 172791)


--- branches/safari-600.1-branch/Source/WebCore/rendering/VerticalPositionCache.h	2014-08-19 23:55:36 UTC (rev 172790)
+++ branches/safari-600.1-branch/Source/WebCore/rendering/VerticalPositionCache.h	2014-08-20 00:22:27 UTC (rev 172791)
@@ -33,25 +33,24 @@
 
 class RenderObject;
 
-// Values for vertical alignment.
-const int PositionUndefined = 0x80000000;
-
 class VerticalPositionCache {
     WTF_MAKE_NONCOPYABLE(VerticalPositionCache);
 public:
     VerticalPositionCache()
     { }
     
-    int get(RenderObject* renderer, FontBaseline baselineType) const
+    bool get(RenderObject* renderer, FontBaseline baselineType, LayoutUnit& result) const
     {
-        const HashMap<RenderObject*, int>& mapToCheck = baselineType == AlphabeticBaseline ? m_alphabeticPositions : m_ideographicPositions;
-        const HashMap<RenderObject*, int>::const_iterator it = mapToCheck.find(renderer);
+        const HashMap<RenderObject*, LayoutUnit>& mapToCheck = baselineType == AlphabeticBaseline ? m_alphabeticPositions : m_ideographicPositions;
+        const HashMap<RenderObject*, LayoutUnit>::const_iterator it = mapToCheck.find(renderer);
         if (it == mapToCheck.end())
-            return PositionUndefined;
-        return it->value;
+            return false;
+
+        result = it->value;
+        return true;
     }
     
-    void set(RenderObject* renderer, FontBaseline baselineType, int position)
+    void set(RenderObject* renderer, FontBaseline baselineType, LayoutUnit position)
     {
         if (baselineType == AlphabeticBaseline)
             m_alphabeticPositions.set(renderer, position);
@@ -60,8 +59,8 @@
     }
 
 private:
-    HashMap<RenderObject*, int> m_alphabeticPositions;
-    HashMap<RenderObject*, int> m_ideographicPositions;
+    HashMap<RenderObject*, LayoutUnit> m_alphabeticPositions;
+    HashMap<RenderObject*, LayoutUnit> m_ideographicPositions;
 };
 
 } // namespace WebCore

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to