Hi, On 31/07/13 22:40, Ryosuke Niwa wrote: > Can't we encounter the same bug if we you multiplied the same height by > 64 even if the sub pixel layout is not turned off? Or is there some > parser and other component that prevents such an overflow to happen? >
For the specific case of max-height, if subpixel_layout is not enabled, I think the LayoutUnit class will use the REPORT_OVERFLOW macro to spot the issue during the CSS parsing stage; the LayoutUnit will call MathExtras::clampTo on the initial CSS value. Precisely, SATURATED_ARITHMETIC_LAYOUT, which requires SUBPIXEL_LAYOUT support, is intended to protect the arithmetic operations, since the initial values are already under control. But, targeting your specific question, it would b possible to define a maxh-height CSS Property value which does not overflow, hence multiplying by 64 during the layout phase will spot the same bug, so the answer to your specific question is: yes, the same bug will appear in some cases even if subpixel_layout is not enabled. Perhaps that's a interesting scenario to study, so I'll prepare some test to verify whether I manage to reproduce the issue without subpixel_layout support. Regards, -- Javi _______________________________________________ webkit-dev mailing list webkit-dev@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-dev