Padding and borders can cause integer overflow in block layouts
authorjpfau@apple.com <jpfau@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 13 Jun 2012 23:30:22 +0000 (23:30 +0000)
committerjpfau@apple.com <jpfau@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 13 Jun 2012 23:30:22 +0000 (23:30 +0000)
commit49bc7482b258871389ff2779b7d562157c9063b7
treeed403e37d7df81e6ec7666bbce4f86ce2fcb6519
parent07feb3ba58bebeb088580a189d5ac3c677a775ec
Padding and borders can cause integer overflow in block layouts
https://bugs.webkit.org/show_bug.cgi?id=88820
<rdar://problem/11328762>

Reviewed by Tony Chang.

Source/WebCore:

Tests: fast/block/block-size-integer-overflow.html
       fast/flexbox/box-size-integer-overflow.html
       fast/table/table-size-integer-overflow.html

* rendering/AutoTableLayout.cpp: Decreased max int.
(WebCore::AutoTableLayout::computePreferredLogicalWidths):
* rendering/FixedTableLayout.cpp: Use shared constant.
(WebCore::FixedTableLayout::computePreferredLogicalWidths):
* rendering/RenderBlock.cpp: Removed unused constant.
* rendering/TableLayout.h: Add shared constant.
(TableLayout):

LayoutTests:

* fast/block/block-size-integer-overflow-expected.txt: Added.
* fast/block/block-size-integer-overflow.html: Added.
* fast/flexbox/box-size-integer-overflow-expected.txt: Added.
* fast/flexbox/box-size-integer-overflow.html: Added.
* fast/table/table-size-integer-overflow-expected.txt: Added.
* fast/table/table-size-integer-overflow.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@120257 268f45cc-cd09-0410-ab3c-d52691b4dbfc
12 files changed:
LayoutTests/ChangeLog
LayoutTests/fast/block/block-size-integer-overflow-expected.txt [new file with mode: 0644]
LayoutTests/fast/block/block-size-integer-overflow.html [new file with mode: 0644]
LayoutTests/fast/flexbox/box-size-integer-overflow-expected.txt [new file with mode: 0644]
LayoutTests/fast/flexbox/box-size-integer-overflow.html [new file with mode: 0644]
LayoutTests/fast/table/table-size-integer-overflow-expected.txt [new file with mode: 0644]
LayoutTests/fast/table/table-size-integer-overflow.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/rendering/AutoTableLayout.cpp
Source/WebCore/rendering/FixedTableLayout.cpp
Source/WebCore/rendering/RenderBlock.cpp
Source/WebCore/rendering/TableLayout.h