Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 59604007e4c6efaa4a40868de016f7afcb5fb2a7
https://github.com/WebKit/WebKit/commit/59604007e4c6efaa4a40868de016f7afcb5fb2a7
Author: Chris Dumez <[email protected]>
Date: 2026-06-08 (Mon, 08 Jun 2026)
Changed paths:
M Source/WTF/wtf/MathExtras.h
M Source/WebCore/dom/Element.cpp
M Source/WebCore/platform/LayoutUnit.h
M Source/WebCore/platform/graphics/DoublePoint.h
M Source/WebCore/platform/graphics/FloatPoint.h
M Source/WebCore/platform/graphics/FloatSize.h
M Source/WebCore/platform/graphics/IntPoint.cpp
M Source/WebCore/platform/graphics/IntRect.cpp
M Source/WebCore/platform/graphics/IntSize.cpp
M Source/WebCore/platform/graphics/cocoa/IOSurface.mm
M Source/WebCore/rendering/AttachmentLayout.mm
M Source/WebCore/style/StyleAdjuster.cpp
M Source/WebKit/Shared/wpe/WebEventFactoryWPE.cpp
M Source/WebKit/UIProcess/API/gtk/DropTargetGtk4.cpp
M Source/WebKit/UIProcess/API/gtk/WebKitWebViewBase.cpp
M Source/WebKit/UIProcess/Cocoa/UserMediaPermissionRequestManagerProxy.mm
M Tools/TestWebKitAPI/Tests/WTF/MathExtras.cpp
Log Message:
-----------
clampToInteger<T> does not clamp values below INT_MIN
https://bugs.webkit.org/show_bug.cgi?id=316511
Reviewed by Darin Adler.
clampToInteger had three overloads. The float and double versions were thin
wrappers that delegated to clampTo<int>. The integral version was its own
implementation that only clamped the upper bound — for values below INT_MIN it
fell through to a bare static_cast<int>(x), which is implementation-defined for
out-of-range conversions. In practice, clampToInteger<int64_t>(INT64_MIN)
returned 0 and clampToInteger<int64_t>(INT_MIN - 1) returned INT_MAX instead of
clamping to INT_MIN.
The integral version was also miscompiled for narrow signed/unsigned T (int8_t,
int16_t, uint8_t, uint16_t) because `static_cast<unsigned>(INT_MAX)` truncates
when assigned to `T intMax` — caught by -Werror=constant-conversion, so those
instantiations were unreachable from production code.
Rather than fix the integral overload in place, remove the API entirely and
migrate callers to clampTo<int>(value), whose existing overload set already
handles every integral and floating-point source type with correct two-sided
clamping.
Test: Tools/TestWebKitAPI/Tests/WTF/MathExtras.cpp
* Source/WTF/wtf/MathExtras.h:
(clampToInteger): Deleted.
* Source/WebCore/dom/Element.cpp:
(WebCore::Element::scrollTo):
(WebCore::Element::setScrollLeft):
(WebCore::Element::setScrollTop):
* Source/WebCore/platform/LayoutUnit.h:
(WebCore::LayoutUnit::LayoutUnit):
(WebCore::LayoutUnit::fromFloatCeil):
(WebCore::LayoutUnit::fromFloatFloor):
* Source/WebCore/platform/graphics/DoublePoint.h:
(WebCore::flooredIntPoint):
(WebCore::roundedIntPoint):
* Source/WebCore/platform/graphics/FloatPoint.h:
(WebCore::flooredIntSize):
(WebCore::roundedIntPoint):
(WebCore::flooredIntPoint):
(WebCore::ceiledIntPoint):
* Source/WebCore/platform/graphics/FloatSize.h:
(WebCore::roundedIntSize):
(WebCore::flooredIntSize):
(WebCore::expandedIntSize):
(WebCore::flooredIntPoint):
* Source/WebCore/platform/graphics/IntPoint.cpp:
(WebCore::IntPoint::IntPoint):
* Source/WebCore/platform/graphics/IntRect.cpp:
(WebCore::IntRect::IntRect):
* Source/WebCore/platform/graphics/IntSize.cpp:
(WebCore::IntSize::IntSize):
* Source/WebCore/platform/graphics/cocoa/IOSurface.mm:
(WebCore::computeMaximumSurfaceSize):
* Source/WebCore/rendering/AttachmentLayout.mm:
(WebCore::AttachmentLayout::AttachmentLayout):
* Source/WebCore/style/StyleAdjuster.cpp:
(WebCore::Style::addIntrinsicMargins):
* Source/WebKit/Shared/wpe/WebEventFactoryWPE.cpp:
(WebKit::positionFromEvent):
* Source/WebKit/UIProcess/API/gtk/DropTargetGtk4.cpp:
(WebKit::DropTarget::DropTarget):
* Source/WebKit/UIProcess/API/gtk/WebKitWebViewBase.cpp:
(webkitWebViewBaseScrollEvent):
* Source/WebKit/UIProcess/Cocoa/UserMediaPermissionRequestManagerProxy.mm:
(-[WKRotationCoordinatorObserver observeValueForKeyPath:ofObject:change:context:]):
(-[WKRotationCoordinatorObserver start:layer:]):
* Tools/TestWebKitAPI/Tests/WTF/MathExtras.cpp:
(TestWebKitAPI::TEST(WTF, clampToIntFloat)):
(TestWebKitAPI::TEST(WTF, clampToIntDouble)):
(TestWebKitAPI::TEST(WTF, clampToIntIntegral)):
(TestWebKitAPI::TEST(WTF, clampToIntegerFloat)): Deleted.
(TestWebKitAPI::TEST(WTF, clampToIntegerDouble)): Deleted.
Canonical link: https://commits.webkit.org/314768@main
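The commit message describes two defects: the integral overload enforced only the upper bound, so anything below INT_MIN fell through to an out-of-range static_cast, and the bounds themselves were narrowed into T for int8_t/int16_t/uint8_t/uint16_t. The following added example (not WTF's clampTo and not code from this commit; the function name clampToIntTwoSided is hypothetical, and the NaN-to-0 choice is an assumption the commit does not make) shows what a two-sided clamp to int has to get right for every arithmetic source type, exercised on the values named in the message:

```cpp
#include <climits>
#include <cmath>
#include <cstdint>
#include <cstdio>
#include <limits>
#include <type_traits>

// Added illustration, not WTF's clampTo: a two-sided clamp to int that
// accepts every integral and floating-point source type. The function name
// is hypothetical. Two properties matter here: both bounds are enforced (so
// INT64_MIN clamps to INT_MIN instead of reaching an out-of-range
// static_cast, which is implementation-defined), and the bounds are compared
// in a wide type so a narrow T (int8_t, uint16_t, ...) never truncates
// INT_MAX/INT_MIN the way the removed overload did.
template<typename T>
int clampToIntTwoSided(T x)
{
    static_assert(std::is_arithmetic_v<T>, "numeric source type expected");

    if constexpr (std::is_floating_point_v<T>) {
        // Assumption made here: NaN maps to 0; the commit does not specify this.
        if (std::isnan(x))
            return 0;
        // Compare in T: INT_MIN is exact in float and double. INT_MAX rounds up
        // to 2^31 in float, which still sends every float >= 2^31 to INT_MAX,
        // and no float exists strictly between 2^31 - 128 and 2^31.
        if (x >= static_cast<T>(INT_MAX))
            return INT_MAX;
        if (x <= static_cast<T>(INT_MIN))
            return INT_MIN;
        return static_cast<int>(x); // in range: truncation toward zero is defined
    } else if constexpr (std::is_signed_v<T>) {
        // Widen before comparing so the bounds are never narrowed into T.
        const int64_t wide = x;
        if (wide > INT_MAX)
            return INT_MAX;
        if (wide < INT_MIN)
            return INT_MIN;
        return static_cast<int>(wide);
    } else {
        // Unsigned sources can only exceed the upper bound.
        const uint64_t wide = x;
        if (wide > static_cast<uint64_t>(INT_MAX))
            return INT_MAX;
        return static_cast<int>(wide);
    }
}

// Stand-alone driver: prints the cases the commit message calls out.
int main()
{
    std::printf("int64_t INT64_MIN -> %d\n", clampToIntTwoSided<int64_t>(INT64_MIN));
    std::printf("int64_t INT_MIN-1 -> %d\n",
        clampToIntTwoSided<int64_t>(static_cast<int64_t>(INT_MIN) - 1));
    std::printf("int64_t INT64_MAX -> %d\n", clampToIntTwoSided<int64_t>(INT64_MAX));
    std::printf("uint8_t 255       -> %d\n", clampToIntTwoSided<uint8_t>(255));
    std::printf("int8_t  -128      -> %d\n", clampToIntTwoSided<int8_t>(-128));
    std::printf("double  -1e12     -> %d\n", clampToIntTwoSided<double>(-1e12));
    std::printf("float   -3.9      -> %d\n", clampToIntTwoSided<float>(-3.9f));
    return 0;
}
```

The point of the widened comparison in the signed branch is the narrow-T case from the message: writing `T intMax = INT_MAX` for `T = int8_t` is exactly the constant-conversion the compiler rejected, whereas comparing in int64_t leaves the bound intact and lets every narrow value pass through unchanged.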