Changeset 25171 in webkit

Timestamp:

Aug 21, 2007, 10:57:59 AM (18 years ago)

Author:

adele

Message:

WebCore:

Reviewed by Darin.

• fix ​http://bugs.webkit.org/show_bug.cgi?id=15010 <rdar://problem/5423956> REGRESSION (r25000-r25065): Table rendering broken by a recent nightly

Test: fast/table/max-width-integer-overflow.html

Avoid integer overflows when dealing with maximum widths by
1) using floating point arithmetic when summing or multiplying column max widths
2) capping max widths at INT_MAX / 2

• rendering/AutoTableLayout.cpp: (WebCore::AutoTableLayout::calcPrefWidths): (WebCore::AutoTableLayout::calcEffectiveWidth): (WebCore::AutoTableLayout::layout):

LayoutTests:

Reviewed by Darin.

• test for ​http://bugs.webkit.org/show_bug.cgi?id=15010 <rdar://problem/5423956> REGRESSION (r25000-r25065): Table rendering broken by a recent nightly

• fast/table/max-width-integer-overflow.html: Added.
• platform/mac/fast/table: Added.
• platform/mac/fast/table/max-width-integer-overflow-expected.checksum: Added.
• platform/mac/fast/table/max-width-integer-overflow-expected.png: Added.
• platform/mac/fast/table/max-width-integer-overflow-expected.txt: Added.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/fast/table/max-width-integer-overflow.html (added)
• LayoutTests/platform/mac/fast/table (added)
• LayoutTests/platform/mac/fast/table/max-width-integer-overflow-expected.checksum (added)
• LayoutTests/platform/mac/fast/table/max-width-integer-overflow-expected.png (added)
• LayoutTests/platform/mac/fast/table/max-width-integer-overflow-expected.txt (added)
• WebCore/ChangeLog (modified) (1 diff)
• WebCore/rendering/AutoTableLayout.cpp (modified) (13 diffs)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2007-08-21  Mitz Pettel  <mitz@webkit.org>
+
+        Reviewed by Darin.
+
+        - test for http://bugs.webkit.org/show_bug.cgi?id=15010
+          <rdar://problem/5423956> REGRESSION (r25000-r25065): Table rendering broken by a recent nightly
+
+        * fast/table/max-width-integer-overflow.html: Added.
+        * platform/mac/fast/table: Added.
+        * platform/mac/fast/table/max-width-integer-overflow-expected.checksum: Added.
+        * platform/mac/fast/table/max-width-integer-overflow-expected.png: Added.
+        * platform/mac/fast/table/max-width-integer-overflow-expected.txt: Added.
+
 2007-08-20  Mitz Pettel  <mitz@webkit.org>
 

trunk/WebCore/ChangeLog

@@ +1 @@
+2007-08-21  Mitz Pettel  <mitz@webkit.org>
+
+        Reviewed by Darin.
+
+        - fix http://bugs.webkit.org/show_bug.cgi?id=15010
+          <rdar://problem/5423956> REGRESSION (r25000-r25065): Table rendering broken by a recent nightly
+
+        Test: fast/table/max-width-integer-overflow.html
+
+        Avoid integer overflows when dealing with maximum widths by
+        1) using floating point arithmetic when summing or multiplying column max widths
+        2) capping max widths at INT_MAX / 2
+
+        * rendering/AutoTableLayout.cpp:
+        (WebCore::AutoTableLayout::calcPrefWidths):
+        (WebCore::AutoTableLayout::calcEffectiveWidth):
+        (WebCore::AutoTableLayout::layout):
+
 2007-08-20  John Sullivan  <sullivan@apple.com>
 

trunk/WebCore/rendering/AutoTableLayout.cpp

@@ -255 +255 @@
     minWidth = 0;
     maxWidth = 0;
-    int maxPercent = 0;
-    int maxNonPercent = 0;
+    float maxPercent = 0;
+    float maxNonPercent = 0;
+    bool scaleColumns = shouldScaleColumns(m_table);
 
     // We substitute 0 percent by (epsilon / percentScaleFactor) percent in two places below to avoid division by zero.
@@ -266 +267 @@
         minWidth += m_layoutStruct[i].effMinWidth;
         maxWidth += m_layoutStruct[i].effMaxWidth;
-        if (m_layoutStruct[i].effWidth.isPercent()) {
-            int percent = min(m_layoutStruct[i].effWidth.rawValue(), remainingPercent);
-            int pw = (m_layoutStruct[i].effMaxWidth * 100 * percentScaleFactor) / max(percent, epsilon);
-            remainingPercent -= percent;
-            maxPercent = max(pw,  maxPercent);
-        } else {
-            maxNonPercent += m_layoutStruct[i].effMaxWidth;
-        }
-    }
-
-    if (shouldScaleColumns(m_table)) {
+        if (scaleColumns) {
+            if (m_layoutStruct[i].effWidth.isPercent()) {
+                int percent = min(m_layoutStruct[i].effWidth.rawValue(), remainingPercent);
+                float pw = static_cast<float>(m_layoutStruct[i].effMaxWidth) * 100 * percentScaleFactor / max(percent, epsilon);
+                maxPercent = max(pw,  maxPercent);
+                remainingPercent -= percent;
+            } else
+                maxNonPercent += m_layoutStruct[i].effMaxWidth;
+        }
+    }
+
+    if (scaleColumns) {
         maxNonPercent = maxNonPercent * 100 * percentScaleFactor / max(remainingPercent, epsilon);
-        maxWidth = max(maxNonPercent,  maxWidth);
-        maxWidth = max(maxWidth, maxPercent);
+        maxWidth = max(maxWidth, static_cast<int>(min(maxNonPercent, INT_MAX / 2.0f)));
+        maxWidth = max(maxWidth, static_cast<int>(min(maxPercent, INT_MAX / 2.0f)));
     }
 
@@ -301 +303 @@
 int AutoTableLayout::calcEffectiveWidth()
 {
-    int tMaxWidth = 0;
+    float tMaxWidth = 0;
 
     unsigned int nEffCols = m_layoutStruct.size();
@@ -327 +329 @@
         unsigned int lastCol = col;
         int cMinWidth = cell->minPrefWidth() + hspacing;
-        int cMaxWidth = cell->maxPrefWidth() + hspacing;
+        float cMaxWidth = cell->maxPrefWidth() + hspacing;
         int totalPercent = 0;
         int minWidth = 0;
-        int maxWidth = 0;
+        float maxWidth = 0;
         bool allColsArePercent = true;
         bool allColsAreFixed = true;
@@ -386 +388 @@
                 w = Length();
             } else {
-                int spanMax = max(maxWidth, cMaxWidth);
+                float spanMax = max(maxWidth, cMaxWidth);
                 tMaxWidth = max(tMaxWidth, spanMax * 100 * percentScaleFactor / w.rawValue());
 
                 // all non percent columns in the span get percent vlaues to sum up correctly.
                 int percentMissing = w.rawValue() - totalPercent;
-                int totalWidth = 0;
+                float totalWidth = 0;
                 for (unsigned int pos = col; pos < lastCol; pos++) {
                     if (!(m_layoutStruct[pos].effWidth.isPercent()))
@@ -399 +401 @@
                 for (unsigned int pos = col; pos < lastCol && totalWidth > 0; pos++) {
                     if (!(m_layoutStruct[pos].effWidth.isPercent())) {
-                        int percent = percentMissing * m_layoutStruct[pos].effMaxWidth / totalWidth;
+                        int percent = percentMissing * static_cast<float>(m_layoutStruct[pos].effMaxWidth) / totalWidth;
                         totalWidth -= m_layoutStruct[pos].effMaxWidth;
                         percentMissing -= percent;
@@ -423 +425 @@
 
             } else {
-                int maxw = maxWidth;
+                float maxw = maxWidth;
                 int minw = minWidth;
                 
@@ -440 +442 @@
                 for (unsigned int pos = col; maxw >= 0 && pos < lastCol && minw < cMinWidth; pos++) {
                     if (!(m_layoutStruct[pos].width.isFixed() && haveAuto && fixedWidth <= cMinWidth)) {
-                        int w = max(m_layoutStruct[pos].effMinWidth, maxw ? (cMinWidth * m_layoutStruct[pos].effMaxWidth / maxw) : cMinWidth);
+                        int w = max(m_layoutStruct[pos].effMinWidth, static_cast<int>(maxw ? cMinWidth * static_cast<float>(m_layoutStruct[pos].effMaxWidth) / maxw : cMinWidth));
                         w = min(m_layoutStruct[pos].effMinWidth+(cMinWidth-minw), w);
                                                 
@@ -454 +456 @@
             if (cMaxWidth > maxWidth) {
                 for (unsigned int pos = col; maxWidth >= 0 && pos < lastCol; pos++) {
-                    int w = max(m_layoutStruct[pos].effMaxWidth, maxWidth ? (cMaxWidth * m_layoutStruct[pos].effMaxWidth / maxWidth) : cMaxWidth);
+                    int w = max(m_layoutStruct[pos].effMaxWidth, static_cast<int>(maxWidth ? cMaxWidth * static_cast<float>(m_layoutStruct[pos].effMaxWidth) / maxWidth : cMaxWidth));
                     maxWidth -= m_layoutStruct[pos].effMaxWidth;
                     cMaxWidth -= w;
@@ -471 +473 @@
     m_effWidthDirty = false;
 
-    return tMaxWidth;
+    return static_cast<int>(min(tMaxWidth, INT_MAX / 2.0f));
 }
 
@@ -535 +537 @@
     int numAuto = 0;
     int numFixed = 0;
-    int totalAuto = 0;
-    int totalFixed = 0;
+    float totalAuto = 0;
+    float totalFixed = 0;
     int totalPercent = 0;
     int allocAuto = 0;
@@ -639 +641 @@
             Length &width = m_layoutStruct[i].effWidth;
             if (width.isAuto() && totalAuto != 0 && !m_layoutStruct[i].emptyCellsOnly) {
-                int w = max(int(m_layoutStruct[i].calcWidth), available * m_layoutStruct[i].effMaxWidth / totalAuto);
+                int w = max(m_layoutStruct[i].calcWidth, static_cast<int>(available * static_cast<float>(m_layoutStruct[i].effMaxWidth) / totalAuto));
                 available -= w;
                 totalAuto -= m_layoutStruct[i].effMaxWidth;
@@ -656 +658 @@
             Length &width = m_layoutStruct[i].effWidth;
             if (width.isFixed()) {
-                int w = available * m_layoutStruct[i].effMaxWidth / totalFixed;
+                int w = available * static_cast<float>(m_layoutStruct[i].effMaxWidth) / totalFixed;
                 available -= w;
                 totalFixed -= m_layoutStruct[i].effMaxWidth;