Title: [148472] branches/safari-536.30-branch/Source/WebCore
- Revision
- 148472
- Author
- roger_f...@apple.com
- Date
- 2013-04-15 15:26:03 -0700 (Mon, 15 Apr 2013)
Log Message
r138821, <rdar://problem/13334928>
Modified Paths
Diff
Modified: branches/safari-536.30-branch/Source/WebCore/ChangeLog (148471 => 148472)
--- branches/safari-536.30-branch/Source/WebCore/ChangeLog 2013-04-15 22:19:19 UTC (rev 148471)
+++ branches/safari-536.30-branch/Source/WebCore/ChangeLog 2013-04-15 22:26:03 UTC (rev 148472)
@@ -1,3 +1,27 @@
+2013-04-15 Roger Fong <roger_f...@apple.com>
+
+ Merged r138821.
+
+ 01/04/13 John Mellor <joh...@chromium.org>
+
+ Clamp font sizes to valid range in RenderStyle::setFontSize
+ https://bugs.webkit.org/show_bug.cgi?id=106014
+
+ Reviewed by Emil A Eklund.
+
+ There is a test-case attached to http://crbug.com/167443, but I can't
+ think of a good way of automatically testing this. Functionality
+ shouldn't change on normal pages.
+
+ * rendering/style/RenderStyleConstants.h:
+ Add constant for maximum allowed font size.
+ * css/StyleResolver.cpp:
+ (WebCore::StyleResolver::getComputedSizeFromSpecifiedSize):
+ Use constant from RenderStyleConstants.h instead of hardcoding.
+ * rendering/style/RenderStyle.cpp:
+ (WebCore::RenderStyle::setFontSize):
+ Clamp non-finite and out of range font sizes.
+
2013-04-15 Andy Estes <aes...@apple.com>
Merged r138990.
Modified: branches/safari-536.30-branch/Source/WebCore/css/StyleResolver.cpp (148471 => 148472)
--- branches/safari-536.30-branch/Source/WebCore/css/StyleResolver.cpp 2013-04-15 22:19:19 UTC (rev 148471)
+++ branches/safari-536.30-branch/Source/WebCore/css/StyleResolver.cpp 2013-04-15 22:26:03 UTC (rev 148472)
@@ -4939,7 +4939,7 @@
// Also clamp to a reasonable maximum to prevent insane font sizes from causing crashes on various
// platforms (I'm looking at you, Windows.)
- return min(1000000.0f, zoomedSize);
+ return min(maximumAllowedFontSize, zoomedSize);
}
const int fontSizeTableMax = 16;
Modified: branches/safari-536.30-branch/Source/WebCore/rendering/style/RenderStyle.cpp (148471 => 148472)
--- branches/safari-536.30-branch/Source/WebCore/rendering/style/RenderStyle.cpp 2013-04-15 22:19:19 UTC (rev 148471)
+++ branches/safari-536.30-branch/Source/WebCore/rendering/style/RenderStyle.cpp 2013-04-15 22:26:03 UTC (rev 148472)
@@ -38,6 +38,7 @@
#if ENABLE(TOUCH_EVENTS)
#include "RenderTheme.h"
#endif
+#include <wtf/MathExtras.h>
#include <wtf/StdLibExtras.h>
#include <algorithm>
@@ -1150,6 +1151,13 @@
void RenderStyle::setBlendedFontSize(int size)
{
+ float sizef = (float)size;
+ ASSERT(isfinite(sizef);
+ if (!isfinite(sizef || size < 0)
+ size = 0;
+ else
+ size = min(maximumAllowedFontSize, sizef);
+
FontSelector* currentFontSelector = font().fontSelector();
FontDescription desc(fontDescription());
desc.setSpecifiedSize(size);
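Review bot: The guard added at the top of setBlendedFontSize is malformed as shown: `ASSERT(isfinite(sizef);` and `if (!isfinite(sizef || size < 0)` each lack a closing parenthesis, so unless the page's extraction dropped characters this would not compile. Separately, `size` is an `int`, so `(float)size` is always finite and the non-finite branch can never fire; the ChangeLog says the clamp belongs in `RenderStyle::setFontSize`, so the merge may have been applied to the wrong function, leaving the float path that can actually carry NaN or infinity unguarded. If clamping the int parameter is intended, `size = max(0, min(size, static_cast<int>(maximumAllowedFontSize)));` does it without the float round trip and the implicit float-to-int narrowing in `size = min(maximumAllowedFontSize, sizef);`. The function body continues past the end of this hunk.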
Modified: branches/safari-536.30-branch/Source/WebCore/rendering/style/RenderStyle.h (148471 => 148472)
--- branches/safari-536.30-branch/Source/WebCore/rendering/style/RenderStyle.h 2013-04-15 22:19:19 UTC (rev 148471)
+++ branches/safari-536.30-branch/Source/WebCore/rendering/style/RenderStyle.h 2013-04-15 22:26:03 UTC (rev 148472)
@@ -90,6 +90,7 @@
#include "SVGRenderStyle.h"
#endif
+
template<typename T, typename U> inline bool compareEqual(const T& t, const U& u) { return t == static_cast<T>(u); }
#define SET_VAR(group, variable, value) \
Modified: branches/safari-536.30-branch/Source/WebCore/rendering/style/RenderStyleConstants.h (148471 => 148472)
--- branches/safari-536.30-branch/Source/WebCore/rendering/style/RenderStyleConstants.h 2013-04-15 22:19:19 UTC (rev 148471)
+++ branches/safari-536.30-branch/Source/WebCore/rendering/style/RenderStyleConstants.h 2013-04-15 22:26:03 UTC (rev 148472)
@@ -466,6 +466,9 @@
enum WrapThrough { WrapThroughWrap, WrapThroughNone };
+// Reasonable maximum to prevent insane font sizes from causing crashes on some platforms (such as Windows).
+static const float maximumAllowedFontSize = 1000000.0f;
+
} // namespace WebCore
#endif // RenderStyleConstants_h