Hi,

On 07/31/2013 10:40 PM, Ryosuke Niwa wrote:
> Can't we encounter the same bug if we multiplied the same height by
> 64 even if the sub pixel layout is not turned off? Or is there some
> parser and other component that prevents such an overflow to happen?
>

I've been debugging and analyzing this issue a bit more and I concluded that the scenario described in bug 119273 is already protected if SUBPIXEL_LAYOUT is not enabled. The CSS max-height property value is clamped to max float during the parsing phase. Further arithmetic operations are already protected, so only the case of using the 64 factor defined for the SUBPIXEL_LAYOUT is still causing problems.

So, this issue affects only the ports enabling SUBPIXEL_LAYOUT by default and not using the SATURATED_ARITHMETIC_LAYOUT. As far as I know, gtk+, Qt and EFL are the ports affected by this issue.

Regarding the gtk+ port, the SATURATED_ARITHMETIC_LAYOUT would be enabled as soon as I verify bug 120583 is solved enabling this flag.

Could anyone responsible for the other ports give some insight into this issue?

BR.
--
Javi
_______________________________________________
webkit-dev mailing list
webkit-dev@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-dev
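
Added example, not part of the original message and not WebKit's code: a small model of the overflow discussed above, comparing a wrapping multiply by the 64 subpixel factor with a saturated one when a max-height limit is applied. It assumes layout values are held as 32-bit fixed point with 64 subunits per pixel; every function and constant name is hypothetical.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <limits>

// Assumption: 64 subunits per pixel, stored in a signed 32-bit integer.
constexpr int32_t kSubpixelFactor = 64;
constexpr int32_t kInt32Max = std::numeric_limits<int32_t>::max();
constexpr int32_t kInt32Min = std::numeric_limits<int32_t>::min();
// Largest whole-pixel value whose scaled form still fits in 32 bits.
constexpr int32_t kMaxSafePixels = kInt32Max / kSubpixelFactor;

// Unsaturated scaling. The product is formed in 64 bits and only the low
// 32 bits are kept, which models two's-complement wrap-around without
// relying on signed-overflow undefined behaviour.
int32_t toSubpixelsWrapping(int32_t pixels) {
    int64_t wide = static_cast<int64_t>(pixels) * kSubpixelFactor;
    return static_cast<int32_t>(static_cast<uint32_t>(wide));
}

// Saturated scaling: out-of-range results pin to the nearest limit.
int32_t toSubpixelsSaturated(int32_t pixels) {
    int64_t wide = static_cast<int64_t>(pixels) * kSubpixelFactor;
    if (wide > kInt32Max) return kInt32Max;
    if (wide < kInt32Min) return kInt32Min;
    return static_cast<int32_t>(wide);
}

// Applies a max-height limit in subpixel units using the given scaler.
int32_t clampedHeight(int32_t contentPx, int32_t maxHeightPx,
                      int32_t (*scale)(int32_t)) {
    return std::min(scale(contentPx), scale(maxHeightPx));
}

int main() {
    // Constructed input: a limit one pixel past the safe range.
    const int32_t hugeLimitPx = kMaxSafePixels + 1;
    std::printf("wrapping:  %d\n",
                clampedHeight(100, hugeLimitPx, toSubpixelsWrapping));
    std::printf("saturated: %d\n",
                clampedHeight(100, hugeLimitPx, toSubpixelsSaturated));
    return 0;
}
```

With the wrapping scaler the huge limit turns negative and wins the comparison, so a 100 px box ends up with a negative height; with the saturated scaler the limit stays at the maximum and the box keeps its 6400 subunits.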