Title: [119310] trunk/Source/WebCore
- Revision
- 119310
- Author
- [email protected]
- Date
- 2012-06-01 20:17:57 -0700 (Fri, 01 Jun 2012)
Log Message
Large number constant in TransformationMatrix::projectPoint overflows FractionalLayoutUnits with sub-pixel layout enabled
https://bugs.webkit.org/show_bug.cgi?id=87896
Reviewed by James Robinson.
kLargeNumber is meant to avoid overflowing when projecting a point through a transform. Unfortunately,
due to FractionalLayoutUnit's diminished range compared to integers, we were overflowing anyways. This
change adjusts our large number by the same value, but adjusted for our denominator.
This was originally missed because transforms/3d is marked as pass/fail in Chromium's test_expectations.txt
https://bugs.webkit.org/show_bug.cgi?id=66989 tracks removing this problem.
No new tests. Covered by transforms/3d/hit-testing/perspective-clipped.html
* platform/graphics/transforms/TransformationMatrix.cpp:
(WebCore::TransformationMatrix::projectPoint):
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (119309 => 119310)
--- trunk/Source/WebCore/ChangeLog 2012-06-02 02:47:39 UTC (rev 119309)
+++ trunk/Source/WebCore/ChangeLog 2012-06-02 03:17:57 UTC (rev 119310)
@@ -1,3 +1,22 @@
+2012-06-01 Levi Weintraub <[email protected]>
+
+ Large number constant in TransformationMatrix::projectPoint overflows FractionalLayoutUnits with sub-pixel layout enabled
+ https://bugs.webkit.org/show_bug.cgi?id=87896
+
+ Reviewed by James Robinson.
+
+ kLargeNumber is meant to avoid overflowing when projecting a point through a transform. Unfortunately,
+ due to FractionalLayoutUnit's diminished range compared to integers, we were overflowing anyways. This
+ change adjusts our large number by the same value, but adjusted for our denominator.
+
+ This was originally missed because transforms/3d is marked as pass/fail in Chromium's test_expectations.txt
+ https://bugs.webkit.org/show_bug.cgi?id=66989 tracks removing this problem.
+
+ No new tests. Covered by transforms/3d/hit-testing/perspective-clipped.html
+
+ * platform/graphics/transforms/TransformationMatrix.cpp:
+ (WebCore::TransformationMatrix::projectPoint):
+
2012-06-01 Tim Horton <[email protected]>
Cleanup GeneratorGeneratedImage/Gradient changes from r117858
Modified: trunk/Source/WebCore/platform/graphics/transforms/TransformationMatrix.cpp (119309 => 119310)
--- trunk/Source/WebCore/platform/graphics/transforms/TransformationMatrix.cpp 2012-06-02 02:47:39 UTC (rev 119309)
+++ trunk/Source/WebCore/platform/graphics/transforms/TransformationMatrix.cpp 2012-06-02 03:17:57 UTC (rev 119310)
@@ -576,9 +576,9 @@
// Using int max causes overflow when other code uses the projected point. To
// represent infinity yet reduce the risk of overflow, we use a large but
// not-too-large number here when clamping.
- const int kLargeNumber = 100000000;
- outX = copysign(kLargeNumber, outX);
- outY = copysign(kLargeNumber, outY);
+ const int largeNumber = 100000000 / kFixedPointDenominator;
+ outX = copysign(largeNumber, outX);
+ outY = copysign(largeNumber, outY);
if (clamped)
*clamped = true;
} else if (w != 1) {
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
