Title: [138736] trunk
Revision
138736
Author
[email protected]
Date
2013-01-03 13:51:08 -0800 (Thu, 03 Jan 2013)

Log Message

Fix overflow in LayoutUnit::ceil and floor for SATURATED_LAYOUT_ARITHMETIC
https://bugs.webkit.org/show_bug.cgi?id=105961

Source/WebCore:

Reviewed by Levi Weintraub.

The LayoutUnit::ceil and floor methods overflow when given the
intMaxForLayoutUnit and intMinForLayoutUnit values, respectively.
Check for the max/min value to avoid this.

Test: TestWebKitAPI/Tests/WebCore/LayoutUnit.cpp

* platform/LayoutUnit.h:
(WebCore::LayoutUnit::ceil):
(WebCore::LayoutUnit::floor):
Check for the max/min value and return early to avoid overflow.
Use the UNLIKELY macro to avoid the cost of branch misprediction
for the common case.

Tools:

Reviewed by Levi Weintraub.

Add tests for LayoutUnit::ceil and floor.

* TestWebKitAPI/Tests/WebCore/LayoutUnit.cpp:
(TestWebKitAPI::TEST):
(TestWebKitAPI):

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (138735 => 138736)


--- trunk/Source/WebCore/ChangeLog	2013-01-03 21:39:11 UTC (rev 138735)
+++ trunk/Source/WebCore/ChangeLog	2013-01-03 21:51:08 UTC (rev 138736)
@@ -1,3 +1,23 @@
+2013-01-03  Emil A Eklund  <[email protected]>
+
+        Fix overflow in LayoutUnit::ceil and floor for SATURATED_LAYOUT_ARITHMETIC
+        https://bugs.webkit.org/show_bug.cgi?id=105961
+
+        Reviewed by Levi Weintraub.
+        
+        The LayoutUnit::ceil and floor methods overflows if given the
+        intMaxForLayoutUnit and intMinForLayoutUnit values respectively.
+        Check for the max/min value to avoid this.
+
+        Test: TestWebKitAPI/Tests/WebCore/LayoutUnit.cpp
+
+        * platform/LayoutUnit.h:
+        (WebCore::LayoutUnit::ceil):
+        (WebCore::LayoutUnit::floor):
+        Check for the max/min value and return early to avoid overflow.
+        Use the UNLIKELY macro to avoid the cost of branch misprediction
+        for the common case.
+
 2013-01-03  Elliott Sprehn  <[email protected]>
 
         [Refactoring] Replace Node's Document pointer with a TreeScope pointer

Modified: trunk/Source/WebCore/platform/LayoutUnit.h (138735 => 138736)


--- trunk/Source/WebCore/platform/LayoutUnit.h	2013-01-03 21:39:11 UTC (rev 138735)
+++ trunk/Source/WebCore/platform/LayoutUnit.h	2013-01-03 21:51:08 UTC (rev 138736)
@@ -196,6 +196,10 @@
 #endif
     {
 #if ENABLE(SUBPIXEL_LAYOUT)
+#if ENABLE(SATURATED_LAYOUT_ARITHMETIC)
+        if (UNLIKELY(m_value >= INT_MAX - kEffectiveFixedPointDenominator + 1))
+            return intMaxForLayoutUnit;
+#endif
         if (m_value >= 0)
             return (m_value + kEffectiveFixedPointDenominator - 1) / kEffectiveFixedPointDenominator;
         return toInt();
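Review bot: The new early return in ceil() is compiled only under `ENABLE(SATURATED_LAYOUT_ARITHMETIC)`, so a build with SUBPIXEL_LAYOUT on and saturation off still evaluates `m_value + kEffectiveFixedPointDenominator - 1` unguarded for values near INT_MAX. If m_value is a signed int, as the comparison against INT_MAX suggests, that is undefined behaviour rather than a defined wrap, and a wrapped size feeding later layout or buffer arithmetic is the kind of result this fix is meant to rule out. The same applies to `m_value - kEffectiveFixedPointDenominator + 1` in the floor() hunk that follows. The non-negative branch can avoid the addition in every configuration with `return m_value / kEffectiveFixedPointDenominator + (m_value % kEffectiveFixedPointDenominator ? 1 : 0);`, leaving the saturated guard only for clamping. The signature of ceil() lies above this hunk, so the surrounding preprocessor conditions are only partly visible here.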
@@ -221,6 +225,10 @@
     int floor() const
     {
 #if ENABLE(SUBPIXEL_LAYOUT)
+#if ENABLE(SATURATED_LAYOUT_ARITHMETIC)
+        if (UNLIKELY(m_value <= INT_MIN + kEffectiveFixedPointDenominator - 1))
+            return intMinForLayoutUnit;
+#endif
         if (m_value >= 0)
             return toInt();
         return (m_value - kEffectiveFixedPointDenominator + 1) / kEffectiveFixedPointDenominator;

Modified: trunk/Tools/ChangeLog (138735 => 138736)


--- trunk/Tools/ChangeLog	2013-01-03 21:39:11 UTC (rev 138735)
+++ trunk/Tools/ChangeLog	2013-01-03 21:51:08 UTC (rev 138736)
@@ -1,3 +1,16 @@
+2013-01-03  Emil A Eklund  <[email protected]>
+
+        Fix overflow in LayoutUnit::ceil and floor for SATURATED_LAYOUT_ARITHMETIC
+        https://bugs.webkit.org/show_bug.cgi?id=105961
+
+        Reviewed by Levi Weintraub.
+        
+        Add tests for LayoutUnit::ceil and floor.
+
+        * TestWebKitAPI/Tests/WebCore/LayoutUnit.cpp:
+        (TestWebKitAPI::TEST):
+        (TestWebKitAPI):
+
 2013-01-03  Julie Parent  <[email protected]>
 
         Add unit test for default builder for the dashboards.

Modified: trunk/Tools/TestWebKitAPI/Tests/WebCore/LayoutUnit.cpp (138735 => 138736)


--- trunk/Tools/TestWebKitAPI/Tests/WebCore/LayoutUnit.cpp	2013-01-03 21:39:11 UTC (rev 138735)
+++ trunk/Tools/TestWebKitAPI/Tests/WebCore/LayoutUnit.cpp	2013-01-03 21:51:08 UTC (rev 138736)
@@ -187,5 +187,47 @@
     ASSERT_EQ((LayoutUnit(intMaxForLayoutUnit) / LayoutUnit(0.5)).toInt(), intMaxForLayoutUnit);
 }
 
+TEST(WebCoreLayoutUnit, LayoutUnitCeil)
+{
+    ASSERT_EQ(LayoutUnit(0).ceil(), 0);
+    ASSERT_EQ(LayoutUnit(0.1).ceil(), 1);
+    ASSERT_EQ(LayoutUnit(0.5).ceil(), 1);
+    ASSERT_EQ(LayoutUnit(0.9).ceil(), 1);
+    ASSERT_EQ(LayoutUnit(1.0).ceil(), 1);
+    ASSERT_EQ(LayoutUnit(1.1).ceil(), 2);
+    
+    ASSERT_EQ(LayoutUnit(-0.1).ceil(), 0);
+    ASSERT_EQ(LayoutUnit(-0.5).ceil(), 0);
+    ASSERT_EQ(LayoutUnit(-0.9).ceil(), 0);
+    ASSERT_EQ(LayoutUnit(-1.0).ceil(), -1);
+    
+    ASSERT_EQ(LayoutUnit(intMaxForLayoutUnit).ceil(), intMaxForLayoutUnit);
+    ASSERT_EQ((LayoutUnit(intMaxForLayoutUnit) - LayoutUnit(0.5)).ceil(), intMaxForLayoutUnit);
+    ASSERT_EQ((LayoutUnit(intMaxForLayoutUnit) - LayoutUnit(1)).ceil(), intMaxForLayoutUnit - 1);
 
+    ASSERT_EQ(LayoutUnit(intMinForLayoutUnit).ceil(), intMinForLayoutUnit);
+}
+
+TEST(WebCoreLayoutUnit, LayoutUnitFloor)
+{
+    ASSERT_EQ(LayoutUnit(0).floor(), 0);
+    ASSERT_EQ(LayoutUnit(0.1).floor(), 0);
+    ASSERT_EQ(LayoutUnit(0.5).floor(), 0);
+    ASSERT_EQ(LayoutUnit(0.9).floor(), 0);
+    ASSERT_EQ(LayoutUnit(1.0).floor(), 1);
+    ASSERT_EQ(LayoutUnit(1.1).floor(), 1);
+    
+    ASSERT_EQ(LayoutUnit(-0.1).floor(), -1);
+    ASSERT_EQ(LayoutUnit(-0.5).floor(), -1);
+    ASSERT_EQ(LayoutUnit(-0.9).floor(), -1);
+    ASSERT_EQ(LayoutUnit(-1.0).floor(), -1);
+    
+    ASSERT_EQ(LayoutUnit(intMaxForLayoutUnit).floor(), intMaxForLayoutUnit);
+
+    ASSERT_EQ(LayoutUnit(intMinForLayoutUnit).floor(), intMinForLayoutUnit);
+    ASSERT_EQ((LayoutUnit(intMinForLayoutUnit) + LayoutUnit(0.5)).floor(), intMinForLayoutUnit);
+    ASSERT_EQ((LayoutUnit(intMinForLayoutUnit) + LayoutUnit(1)).floor(), intMinForLayoutUnit + 1);
+}
+
+
 } // namespace TestWebKitAPI
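Review bot: The boundary assertions in LayoutUnitCeil and LayoutUnitFloor build their inputs through the int constructor from `intMaxForLayoutUnit` and `intMinForLayoutUnit`, so whether they exercise a raw value that would actually have overflowed before the fix depends on how that constructor stores the value, which this hunk does not show. If it stores the scaled value rather than clamping to INT_MAX / INT_MIN, these cases may pass with or without the new guards. Adding cases built from the raw extremes would pin the regression directly, for example `ASSERT_EQ(LayoutUnit::max().ceil(), intMaxForLayoutUnit);` and `ASSERT_EQ(LayoutUnit::min().floor(), intMinForLayoutUnit);`, assuming those accessors exist in this revision. The fractional expectations such as `LayoutUnit(0.1).ceil() == 1` also appear to assume SUBPIXEL_LAYOUT is enabled; a short comment saying so would help anyone running the suite in another configuration.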