Changeset 138736 in webkit


Timestamp:
Jan 3, 2013 1:51:08 PM (11 years ago)
Author:
eae@chromium.org
Message:

Fix overflow in LayoutUnit::ceil and floor for SATURATED_LAYOUT_ARITHMETIC
https://bugs.webkit.org/show_bug.cgi?id=105961

Source/WebCore:

Reviewed by Levi Weintraub.

The LayoutUnit::ceil and floor methods overflow if given the
intMaxForLayoutUnit and intMinForLayoutUnit values respectively.
Check for the max/min value to avoid this.

Test: TestWebKitAPI/Tests/WebCore/LayoutUnit.cpp

  • platform/LayoutUnit.h:

(WebCore::LayoutUnit::ceil):
(WebCore::LayoutUnit::floor):
Check for the max/min value and return early to avoid overflow.
Use the UNLIKELY macro to avoid the cost of branch misprediction
for the common case.

Tools:

Reviewed by Levi Weintraub.

Add tests for LayoutUnit::ceil and floor.

  • TestWebKitAPI/Tests/WebCore/LayoutUnit.cpp:

(TestWebKitAPI::TEST):
(TestWebKitAPI):

Location:
trunk
Files:
4 edited

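--- a/trunk/Source/WebCore/ChangeLog
+++ b/trunk/Source/WebCore/ChangeLog
@@ -1,2 +1,22 @@
+2013-01-03  Emil A Eklund  <eae@chromium.org>
+
+        Fix overflow in LayoutUnit::ceil and floor for SATURATED_LAYOUT_ARITHMETIC
+        https://bugs.webkit.org/show_bug.cgi?id=105961
+
+        Reviewed by Levi Weintraub.
+       
+        The LayoutUnit::ceil and floor methods overflows if given the
+        intMaxForLayoutUnit and intMinForLayoutUnit values respectively.
+        Check for the max/min value to avoid this.
+
+        Test: TestWebKitAPI/Tests/WebCore/LayoutUnit.cpp
+
+        * platform/LayoutUnit.h:
+        (WebCore::LayoutUnit::ceil):
+        (WebCore::LayoutUnit::floor):
+        Check for the max/min value and return early to avoid overflow.
+        Use the UNLIKELY macro to avoid the cost of branch misprediction
+        for the common case.
+
 2013-01-03  Elliott Sprehn  <esprehn@gmail.com>
 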
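--- a/trunk/Source/WebCore/platform/LayoutUnit.h
+++ b/trunk/Source/WebCore/platform/LayoutUnit.h
@@ -197,4 +197,8 @@
     {
 #if ENABLE(SUBPIXEL_LAYOUT)
+#if ENABLE(SATURATED_LAYOUT_ARITHMETIC)
+        if (UNLIKELY(m_value >= INT_MAX - kEffectiveFixedPointDenominator + 1))
+            return intMaxForLayoutUnit;
+#endif
         if (m_value >= 0)
             return (m_value + kEffectiveFixedPointDenominator - 1) / kEffectiveFixedPointDenominator;
@@ -222,4 +226,8 @@
     {
 #if ENABLE(SUBPIXEL_LAYOUT)
+#if ENABLE(SATURATED_LAYOUT_ARITHMETIC)
+        if (UNLIKELY(m_value <= INT_MIN + kEffectiveFixedPointDenominator - 1))
+            return intMinForLayoutUnit;
+#endif
         if (m_value >= 0)
             return toInt();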
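Review bot: The guards added at new lines 199-202 (ceil) and 228-231 (floor) are compiled only under `ENABLE(SATURATED_LAYOUT_ARITHMETIC)`, so in a build without that flag the intermediate `m_value + kEffectiveFixedPointDenominator` at new line 204 can still exceed INT_MAX, which is undefined behaviour for a signed int (m_value's type is not visible here; the comparison with INT_MAX suggests int). Writing the non-negative branch as `return m_value / kEffectiveFixedPointDenominator + (m_value % kEffectiveFixedPointDenominator ? 1 : 0);` removes the overflowing intermediate in every configuration. The new assertions at LayoutUnit.cpp lines 204 and 227 are not conditional on the flag, so they would presumably reach the unguarded path in such builds. The negative branch of floor() and the rest of both functions lie outside the hunks, so the same check is worth making there. A short comment above each guard, e.g. `// m_value + denominator - 1 would overflow int here; saturate instead.`, would explain where the threshold comes from.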
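--- a/trunk/Tools/ChangeLog
+++ b/trunk/Tools/ChangeLog
@@ -1,2 +1,15 @@
+2013-01-03  Emil A Eklund  <eae@chromium.org>
+
+        Fix overflow in LayoutUnit::ceil and floor for SATURATED_LAYOUT_ARITHMETIC
+        https://bugs.webkit.org/show_bug.cgi?id=105961
+
+        Reviewed by Levi Weintraub.
+       
+        Add tests for LayoutUnit::ceil and floor.
+
+        * TestWebKitAPI/Tests/WebCore/LayoutUnit.cpp:
+        (TestWebKitAPI::TEST):
+        (TestWebKitAPI):
+
 2013-01-03  Julie Parent  <jparent@chromium.org>
 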
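--- a/trunk/Tools/TestWebKitAPI/Tests/WebCore/LayoutUnit.cpp
+++ b/trunk/Tools/TestWebKitAPI/Tests/WebCore/LayoutUnit.cpp
@@ -188,4 +188,46 @@
 }
 
+TEST(WebCoreLayoutUnit, LayoutUnitCeil)
+{
+    ASSERT_EQ(LayoutUnit(0).ceil(), 0);
+    ASSERT_EQ(LayoutUnit(0.1).ceil(), 1);
+    ASSERT_EQ(LayoutUnit(0.5).ceil(), 1);
+    ASSERT_EQ(LayoutUnit(0.9).ceil(), 1);
+    ASSERT_EQ(LayoutUnit(1.0).ceil(), 1);
+    ASSERT_EQ(LayoutUnit(1.1).ceil(), 2);
+   
+    ASSERT_EQ(LayoutUnit(-0.1).ceil(), 0);
+    ASSERT_EQ(LayoutUnit(-0.5).ceil(), 0);
+    ASSERT_EQ(LayoutUnit(-0.9).ceil(), 0);
+    ASSERT_EQ(LayoutUnit(-1.0).ceil(), -1);
+   
+    ASSERT_EQ(LayoutUnit(intMaxForLayoutUnit).ceil(), intMaxForLayoutUnit);
+    ASSERT_EQ((LayoutUnit(intMaxForLayoutUnit) - LayoutUnit(0.5)).ceil(), intMaxForLayoutUnit);
+    ASSERT_EQ((LayoutUnit(intMaxForLayoutUnit) - LayoutUnit(1)).ceil(), intMaxForLayoutUnit - 1);
+
+    ASSERT_EQ(LayoutUnit(intMinForLayoutUnit).ceil(), intMinForLayoutUnit);
+}
+
+TEST(WebCoreLayoutUnit, LayoutUnitFloor)
+{
+    ASSERT_EQ(LayoutUnit(0).floor(), 0);
+    ASSERT_EQ(LayoutUnit(0.1).floor(), 0);
+    ASSERT_EQ(LayoutUnit(0.5).floor(), 0);
+    ASSERT_EQ(LayoutUnit(0.9).floor(), 0);
+    ASSERT_EQ(LayoutUnit(1.0).floor(), 1);
+    ASSERT_EQ(LayoutUnit(1.1).floor(), 1);
+   
+    ASSERT_EQ(LayoutUnit(-0.1).floor(), -1);
+    ASSERT_EQ(LayoutUnit(-0.5).floor(), -1);
+    ASSERT_EQ(LayoutUnit(-0.9).floor(), -1);
+    ASSERT_EQ(LayoutUnit(-1.0).floor(), -1);
+   
+    ASSERT_EQ(LayoutUnit(intMaxForLayoutUnit).floor(), intMaxForLayoutUnit);
+
+    ASSERT_EQ(LayoutUnit(intMinForLayoutUnit).floor(), intMinForLayoutUnit);
+    ASSERT_EQ((LayoutUnit(intMinForLayoutUnit) + LayoutUnit(0.5)).floor(), intMinForLayoutUnit);
+    ASSERT_EQ((LayoutUnit(intMinForLayoutUnit) + LayoutUnit(1)).floor(), intMinForLayoutUnit + 1);
+}
+
 
 } // namespace TestWebKitAPI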
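Review bot: The boundary assertions at new lines 204-206 and 227-229 carry no comment saying what they pin, so a reader cannot tell from the test that they cover the saturation guard in LayoutUnit.h. A line such as `// At the int limits ceil()/floor() must saturate rather than overflow.` above each group would record that. ASSERT_EQ also ends the test at the first mismatch, so a failing interior case hides the boundary results; `EXPECT_EQ` would report every mismatch, unless the rest of the file (not visible here) standardises on ASSERT_EQ.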