Changeset 138736 in webkit
- Timestamp:
- Jan 3, 2013 1:51:08 PM (11 years ago)
- Location:
- trunk
- Files:
-
- 4 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebCore/ChangeLog
r138735 r138736 1 2013-01-03 Emil A Eklund <eae@chromium.org> 2 3 Fix overflow in LayoutUnit::ceil and floor for SATURATED_LAYOUT_ARITHMETIC 4 https://bugs.webkit.org/show_bug.cgi?id=105961 5 6 Reviewed by Levi Weintraub. 7 8 The LayoutUnit::ceil and floor methods overflows if given the 9 intMaxForLayoutUnit and intMinForLayoutUnit values respectively. 10 Check for the max/min value to avoid this. 11 12 Test: TestWebKitAPI/Tests/WebCore/LayoutUnit.cpp 13 14 * platform/LayoutUnit.h: 15 (WebCore::LayoutUnit::ceil): 16 (WebCore::LayoutUnit::floor): 17 Check for the max/min value and return early to avoid overflow. 18 Use the UNLIKELY macro to avoid the cost of branch misprediction 19 for the common case. 20 1 21 2013-01-03 Elliott Sprehn <esprehn@gmail.com> 2 22 -
trunk/Source/WebCore/platform/LayoutUnit.h
r138046 r138736 197 197 { 198 198 #if ENABLE(SUBPIXEL_LAYOUT) 199 #if ENABLE(SATURATED_LAYOUT_ARITHMETIC) 200 if (UNLIKELY(m_value >= INT_MAX - kEffectiveFixedPointDenominator + 1)) 201 return intMaxForLayoutUnit; 202 #endif 199 203 if (m_value >= 0) 200 204 return (m_value + kEffectiveFixedPointDenominator - 1) / kEffectiveFixedPointDenominator; … … 222 226 { 223 227 #if ENABLE(SUBPIXEL_LAYOUT) 228 #if ENABLE(SATURATED_LAYOUT_ARITHMETIC) 229 if (UNLIKELY(m_value <= INT_MIN + kEffectiveFixedPointDenominator - 1)) 230 return intMinForLayoutUnit; 231 #endif 224 232 if (m_value >= 0) 225 233 return toInt(); -
trunk/Tools/ChangeLog
r138733 r138736 1 2013-01-03 Emil A Eklund <eae@chromium.org> 2 3 Fix overflow in LayoutUnit::ceil and floor for SATURATED_LAYOUT_ARITHMETIC 4 https://bugs.webkit.org/show_bug.cgi?id=105961 5 6 Reviewed by Levi Weintraub. 7 8 Add tests for LayoutUnit::ceil and floor. 9 10 * TestWebKitAPI/Tests/WebCore/LayoutUnit.cpp: 11 (TestWebKitAPI::TEST): 12 (TestWebKitAPI): 13 1 14 2013-01-03 Julie Parent <jparent@chromium.org> 2 15 -
trunk/Tools/TestWebKitAPI/Tests/WebCore/LayoutUnit.cpp
r138050 r138736 188 188 } 189 189 190 TEST(WebCoreLayoutUnit, LayoutUnitCeil) 191 { 192 ASSERT_EQ(LayoutUnit(0).ceil(), 0); 193 ASSERT_EQ(LayoutUnit(0.1).ceil(), 1); 194 ASSERT_EQ(LayoutUnit(0.5).ceil(), 1); 195 ASSERT_EQ(LayoutUnit(0.9).ceil(), 1); 196 ASSERT_EQ(LayoutUnit(1.0).ceil(), 1); 197 ASSERT_EQ(LayoutUnit(1.1).ceil(), 2); 198 199 ASSERT_EQ(LayoutUnit(-0.1).ceil(), 0); 200 ASSERT_EQ(LayoutUnit(-0.5).ceil(), 0); 201 ASSERT_EQ(LayoutUnit(-0.9).ceil(), 0); 202 ASSERT_EQ(LayoutUnit(-1.0).ceil(), -1); 203 204 ASSERT_EQ(LayoutUnit(intMaxForLayoutUnit).ceil(), intMaxForLayoutUnit); 205 ASSERT_EQ((LayoutUnit(intMaxForLayoutUnit) - LayoutUnit(0.5)).ceil(), intMaxForLayoutUnit); 206 ASSERT_EQ((LayoutUnit(intMaxForLayoutUnit) - LayoutUnit(1)).ceil(), intMaxForLayoutUnit - 1); 207 208 ASSERT_EQ(LayoutUnit(intMinForLayoutUnit).ceil(), intMinForLayoutUnit); 209 } 210 211 TEST(WebCoreLayoutUnit, LayoutUnitFloor) 212 { 213 ASSERT_EQ(LayoutUnit(0).floor(), 0); 214 ASSERT_EQ(LayoutUnit(0.1).floor(), 0); 215 ASSERT_EQ(LayoutUnit(0.5).floor(), 0); 216 ASSERT_EQ(LayoutUnit(0.9).floor(), 0); 217 ASSERT_EQ(LayoutUnit(1.0).floor(), 1); 218 ASSERT_EQ(LayoutUnit(1.1).floor(), 1); 219 220 ASSERT_EQ(LayoutUnit(-0.1).floor(), -1); 221 ASSERT_EQ(LayoutUnit(-0.5).floor(), -1); 222 ASSERT_EQ(LayoutUnit(-0.9).floor(), -1); 223 ASSERT_EQ(LayoutUnit(-1.0).floor(), -1); 224 225 ASSERT_EQ(LayoutUnit(intMaxForLayoutUnit).floor(), intMaxForLayoutUnit); 226 227 ASSERT_EQ(LayoutUnit(intMinForLayoutUnit).floor(), intMinForLayoutUnit); 228 ASSERT_EQ((LayoutUnit(intMinForLayoutUnit) + LayoutUnit(0.5)).floor(), intMinForLayoutUnit); 229 ASSERT_EQ((LayoutUnit(intMinForLayoutUnit) + LayoutUnit(1)).floor(), intMinForLayoutUnit + 1); 230 } 231 190 232 191 233 } // namespace TestWebKitAPI
Note: See TracChangeset
for help on using the changeset viewer.