Changeset 156183 in webkit


Ignore:
Timestamp:
Sep 20, 2013, 11:31:53 AM (11 years ago)
Author:
ap@apple.com
Message:

REGRESSION (r156140): Srcset tests are frequently crashing
https://bugs.webkit.org/show_bug.cgi?id=121695

Reviewed by Dean Jackson.

Returning a string created without copying bytes is not safe. It used to be OK
because a new string was immediately created by decodeURLEscapeSequences().
But even that was not great, because decodeURLEscapeSequences() could potentially
return the same string, not a deep copy, if we decided to optimize it like that.

Also made a number of drive-by style fixes.

  • It's URL, not Url.
  • It's srcset, not srcSet.
  • We don't add ".0" in floating point value initializers. It's particularly misleading

to initialize a float with 1.0, which is a double value.

  • Renamed srcSetLength to srcsetAttributeLength to match srcsetAttribute variable

whose length it caches.

  • html/parser/HTMLParserIdioms.cpp:

(WebCore::parseImagesWithScaleFromSrcsetAttribute):
(WebCore::bestFitSourceForImageAttributes):

Location:
trunk/Source/WebCore
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WebCore/ChangeLog

    r156182 r156183  
     12013-09-20  Alexey Proskuryakov  <ap@apple.com>
     2
     3        REGRESSION (r156140): Srcset tests are frequently crashing
     4        https://bugs.webkit.org/show_bug.cgi?id=121695
     5
     6        Reviewed by Dean Jackson.
     7
     8        Returning a string created without copying bytes is not safe. It used to be OK
     9        because a new string was immediately created by decodeURLEscapeSequences().
     10        But even that was not great, because decodeURLEscapeSequences() could potentially
     11        return the same string, not a deep copy, if we decided to optimize it like that.
     12
     13        Also made a number of drive-by style fixes.
     14        - It's URL, not Url.
     15        - It's srcset, not srcSet.
     16        -  We don't add ".0" in floating point value initializers. It's particularly misleading
     17        to initialize a float with 1.0, which is a double value.
     18        - Renamed srcSetLength to srcsetAttributeLength to match srcsetAttribute variable
     19        whose length it caches.
     20
     21        * html/parser/HTMLParserIdioms.cpp:
     22        (WebCore::parseImagesWithScaleFromSrcsetAttribute):
     23        (WebCore::bestFitSourceForImageAttributes):
     24
    1252013-09-19  Martin Robinson  <mrobinson@igalia.com>
    226

  • trunk/Source/WebCore/html/parser/HTMLParserIdioms.cpp

    r156140 r156183  
    322322// See the specifications for more details about the algorithm to follow.
    323323// http://www.w3.org/TR/2013/WD-html-srcset-20130228/#processing-the-image-candidates.
    324 static void parseImagesWithScaleFromSrcSetAttribute(const String& srcSetAttribute, ImageCandidates& imageCandidates)
    325 {
     324static void parseImagesWithScaleFromSrcsetAttribute(const String& srcsetAttribute, ImageCandidates& imageCandidates)
     325{
     326    ASSERT(imageCandidates.isEmpty());
     327
    326328    size_t imageCandidateStart = 0;
    327     unsigned srcSetLength = srcSetAttribute.length();
    328 
    329     while (imageCandidateStart < srcSetLength) {
    330         float imgScaleFactor = 1.0;
     329    unsigned srcsetAttributeLength = srcsetAttribute.length();
     330
     331    while (imageCandidateStart < srcsetAttributeLength) {
     332        float imageScaleFactor = 1;
    331333        size_t separator;
    332334
    333335        // 4. Splitting loop: Skip whitespace.
    334         size_t imageUrlStart = srcSetAttribute.find(isNotHTMLSpace, imageCandidateStart);
    335         if (imageUrlStart == notFound)
     336        size_t imageURLStart = srcsetAttribute.find(isNotHTMLSpace, imageCandidateStart);
     337        if (imageURLStart == notFound)
    336338            break;
    337339        // If The current candidate is either totally empty or only contains space, skipping.
    338         if (srcSetAttribute[imageUrlStart] == ',') {
    339             imageCandidateStart = imageUrlStart + 1;
     340        if (srcsetAttribute[imageURLStart] == ',') {
     341            imageCandidateStart = imageURLStart + 1;
    340342            continue;
    341343        }
    342344        // 5. Collect a sequence of characters that are not space characters, and let that be url.
    343         size_t imageUrlEnd = srcSetAttribute.find(isHTMLSpace, imageUrlStart + 1);
    344         if (imageUrlEnd == notFound) {
    345             imageUrlEnd = srcSetLength;
    346             separator = srcSetLength;
    347         } else if (srcSetAttribute[imageUrlEnd - 1] == ',') {
    348             --imageUrlEnd;
    349             separator = imageUrlEnd;
     345        size_t imageURLEnd = srcsetAttribute.find(isHTMLSpace, imageURLStart + 1);
     346        if (imageURLEnd == notFound) {
     347            imageURLEnd = srcsetAttributeLength;
     348            separator = srcsetAttributeLength;
     349        } else if (srcsetAttribute[imageURLEnd - 1] == ',') {
     350            --imageURLEnd;
     351            separator = imageURLEnd;
    350352        } else {
    351353            // 7. Collect a sequence of characters that are not "," (U+002C) characters, and let that be descriptors.
    352             size_t imageScaleStart = srcSetAttribute.find(isNotHTMLSpace, imageUrlEnd + 1);
     354            size_t imageScaleStart = srcsetAttribute.find(isNotHTMLSpace, imageURLEnd + 1);
    353355            if (imageScaleStart == notFound)
    354                 separator = srcSetLength;
    355             else if (srcSetAttribute[imageScaleStart] == ',')
     356                separator = srcsetAttributeLength;
     357            else if (srcsetAttribute[imageScaleStart] == ',')
    356358                separator = imageScaleStart;
    357359            else {
    358360                // This part differs from the spec as the current implementation only supports pixel density descriptors for now.
    359                 size_t imageScaleEnd = srcSetAttribute.find(isHTMLSpaceOrComma, imageScaleStart + 1);
    360                 imageScaleEnd = (imageScaleEnd == notFound) ? srcSetLength : imageScaleEnd;
     361                size_t imageScaleEnd = srcsetAttribute.find(isHTMLSpaceOrComma, imageScaleStart + 1);
     362                imageScaleEnd = (imageScaleEnd == notFound) ? srcsetAttributeLength : imageScaleEnd;
    361363                size_t commaPosition = imageScaleEnd;
    362364                // Make sure there are no other descriptors.
    363                 while ((commaPosition < srcSetLength - 1) && isHTMLSpace(srcSetAttribute[commaPosition]))
     365                while ((commaPosition < srcsetAttributeLength - 1) && isHTMLSpace(srcsetAttribute[commaPosition]))
    364366                    ++commaPosition;
    365367                // If the first not html space character after the scale modifier is not a comma,
    366368                // the current candidate is an invalid input.
    367                 if ((commaPosition < srcSetLength - 1) && srcSetAttribute[commaPosition] != ',') {
     369                if ((commaPosition < srcsetAttributeLength - 1) && srcsetAttribute[commaPosition] != ',') {
    368370                    // Find the nearest comma and skip the input.
    369                     commaPosition = srcSetAttribute.find(',', commaPosition + 1);
     371                    commaPosition = srcsetAttribute.find(',', commaPosition + 1);
    370372                    if (commaPosition == notFound)
    371373                        break;
     
    374376                }
    375377                separator = commaPosition;
    376                 if (srcSetAttribute[imageScaleEnd - 1] != 'x') {
     378                if (srcsetAttribute[imageScaleEnd - 1] != 'x') {
    377379                    imageCandidateStart = separator + 1;
    378380                    continue;
     
    380382                bool validScaleFactor = false;
    381383                size_t scaleFactorLengthWithoutUnit = imageScaleEnd - imageScaleStart - 1;
    382                 imgScaleFactor = charactersToFloat(srcSetAttribute.characters() + imageScaleStart, scaleFactorLengthWithoutUnit, &validScaleFactor);
     384                imageScaleFactor = charactersToFloat(srcsetAttribute.characters() + imageScaleStart, scaleFactorLengthWithoutUnit, &validScaleFactor);
    383385
    384386                if (!validScaleFactor) {
     
    389391        }
    390392        ImageWithScale image;
    391         image.imageURL = StringImpl::createWithoutCopying(srcSetAttribute.characters() + imageUrlStart, imageUrlEnd - imageUrlStart);
    392         image.scaleFactor = imgScaleFactor;
     393        image.imageURL = String(srcsetAttribute.characters() + imageURLStart, imageURLEnd - imageURLStart);
     394        image.scaleFactor = imageScaleFactor;
    393395
    394396        imageCandidates.append(image);
     
    398400}
    399401
    400 String bestFitSourceForImageAttributes(float deviceScaleFactor, const String& srcAttribute, const String& srcSetAttribute)
     402String bestFitSourceForImageAttributes(float deviceScaleFactor, const String& srcAttribute, const String& srcsetAttribute)
    401403{
    402404    ImageCandidates imageCandidates;
    403405
    404     parseImagesWithScaleFromSrcSetAttribute(srcSetAttribute, imageCandidates);
     406    parseImagesWithScaleFromSrcsetAttribute(srcsetAttribute, imageCandidates);
    405407
    406408    const String src =  srcAttribute.simplifyWhiteSpace(isHTMLSpace);
Note: See TracChangeset for help on using the changeset viewer.