[css-grid] Fix crash clamping grid lines
authorrego@igalia.com <rego@igalia.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 5 Jan 2017 07:03:09 +0000 (07:03 +0000)
committerrego@igalia.com <rego@igalia.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 5 Jan 2017 07:03:09 +0000 (07:03 +0000)
https://bugs.webkit.org/show_bug.cgi?id=166637

Reviewed by Darin Adler.

Source/WebCore:

Avoid crashes caused by very large grid line values by clamping them in GridPosition.

Test: fast/css-grid-layout/grid-position-crash.html

* rendering/style/GridArea.h: Move kGridMaxTracks definition to GridPosition.
* rendering/style/GridPosition.h:
(WebCore::GridPosition::setExplicitPosition): Use new setIntegerPosition().
(WebCore::GridPosition::setSpanPosition): Ditto.
(WebCore::GridPosition::setIntegerPosition): Clamp the position using kGridMaxTracks.

Tools:

Creates new unit test to verify that the maximum tracks limit
is used in GridPosition too.

* TestWebKitAPI/PlatformEfl.cmake:
* TestWebKitAPI/PlatformGTK.cmake:
* TestWebKitAPI/PlatformWin.cmake:
* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* TestWebKitAPI/Tests/WebCore/GridPosition.cpp: Added.
(TestWebKitAPI::TEST):

LayoutTests:

* fast/css-grid-layout/grid-position-crash-expected.txt: Added.
* fast/css-grid-layout/grid-position-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@210320 268f45cc-cd09-0410-ab3c-d52691b4dbfc

12 files changed:
LayoutTests/ChangeLog
LayoutTests/fast/css-grid-layout/grid-position-crash-expected.txt [new file with mode: 0644]
LayoutTests/fast/css-grid-layout/grid-position-crash.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/rendering/style/GridArea.h
Source/WebCore/rendering/style/GridPosition.h
Tools/ChangeLog
Tools/TestWebKitAPI/PlatformEfl.cmake
Tools/TestWebKitAPI/PlatformGTK.cmake
Tools/TestWebKitAPI/PlatformWin.cmake
Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj
Tools/TestWebKitAPI/Tests/WebCore/GridPosition.cpp [new file with mode: 0644]

index 3e74e50..485f712 100644 (file)
@@ -1,3 +1,13 @@
+2017-01-04  Manuel Rego Casasnovas  <rego@igalia.com>
+
+        [css-grid] Fix crash clamping grid lines
+        https://bugs.webkit.org/show_bug.cgi?id=166637
+
+        Reviewed by Darin Adler.
+
+        * fast/css-grid-layout/grid-position-crash-expected.txt: Added.
+        * fast/css-grid-layout/grid-position-crash.html: Added.
+
 2017-01-04  Myles C. Maxfield  <mmaxfield@apple.com>
 
         Remove runtime flag for variation fonts
diff --git a/LayoutTests/fast/css-grid-layout/grid-position-crash-expected.txt b/LayoutTests/fast/css-grid-layout/grid-position-crash-expected.txt
new file mode 100644 (file)
index 0000000..81f61c9
--- /dev/null
@@ -0,0 +1,3 @@
+This test passes if it does not crash and you see a green "PASS" below.
+
+PASS
diff --git a/LayoutTests/fast/css-grid-layout/grid-position-crash.html b/LayoutTests/fast/css-grid-layout/grid-position-crash.html
new file mode 100644 (file)
index 0000000..7efd9a2
--- /dev/null
@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+}
+</script>
+<p>This test passes if it does not crash and you see a green "PASS" below.</p>
+<div style="display: grid; color: green;">
+    <div style="grid-column-start: 5000000000 foo;">PASS</div>
+</div>
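Review bot: The regression test exercises only one positive integer on grid-column-start, so the negative side of the clamp and the span path changed in the same commit have no layout-level coverage; adding siblings such as `<div style="grid-column-start: -5000000000;">` and `<div style="grid-row-start: span 5000000000;">` inside the same grid would cover them at no cost. Because 5000000000 does not fit in a 32-bit int, the value that actually reaches GridPosition depends on how the CSS parser converts the token, so the test is implicitly also a parser test; a second case just above the limit (e.g. `grid-column-start: 1000001;`) would pin the clamp itself independently of that conversion.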
index fab882b..74d5110 100644 (file)
@@ -1,3 +1,20 @@
+2017-01-04  Manuel Rego Casasnovas  <rego@igalia.com>
+
+        [css-grid] Fix crash clamping grid lines
+        https://bugs.webkit.org/show_bug.cgi?id=166637
+
+        Reviewed by Darin Adler.
+
+        Avoid issues with very big values for the grid lines clamping them on GridPosition.
+
+        Test: fast/css-grid-layout/grid-position-crash.html
+
+        * rendering/style/GridArea.h: Move kGridMaxTracks definition to GridPosition.
+        * rendering/style/GridPosition.h:
+        (WebCore::GridPosition::setExplicitPosition): Use new setIntegerPosition().
+        (WebCore::GridPosition::setSpanPosition): Ditto.
+        (WebCore::GridPosition::setIntegerPosition): Clamp the position using kGridMaxTracks.
+
 2017-01-04  Darin Adler  <darin@apple.com>
 
         Remove PassRefPtr use from the "html" directory, other improvements
index 8040076..6c07ea4 100644 (file)
@@ -39,9 +39,6 @@
 
 namespace WebCore {
 
-// Recommended maximum size for both explicit and implicit grids.
-const int kGridMaxTracks = 1000000;
-
 // A span in a single direction (either rows or columns). Note that |startLine|
 // and |endLine| are grid lines' indexes.
 // Despite line numbers in the spec start in "1", the indexes here start in "0".
index ba0f12f..f2ed01e 100644 (file)
@@ -37,6 +37,9 @@
 
 namespace WebCore {
 
+// Recommended maximum size for both explicit and implicit grids.
+const int kGridMaxTracks = 1000000;
+
 enum GridPositionType {
     AutoPosition,
     ExplicitPosition, // [ <integer> || <string> ]
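Review bot: The comment carried over with kGridMaxTracks still calls it a "Recommended maximum size", but after this change it is a hard bound that GridPosition clamps author-supplied positions to, and the comment should say so; suggested wording: `// Maximum number of tracks in either axis. GridPosition clamps every integer position and span to [-kGridMaxTracks, kGridMaxTracks] so oversized author-supplied values cannot reach the line/track arithmetic.` As a point of style, `constexpr int kGridMaxTracks = 1000000;` would also make the limit usable in constant expressions; a namespace-scope `const int` already has internal linkage, so this is not an ODR concern. The enclosing namespace continues outside the hunk.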
@@ -69,7 +72,7 @@ public:
     void setExplicitPosition(int position, const String& namedGridLine)
     {
         m_type = ExplicitPosition;
-        m_integerPosition = position;
+        setIntegerPosition(position);
         m_namedGridLine = namedGridLine;
     }
 
@@ -85,7 +88,7 @@ public:
     void setSpanPosition(int position, const String& namedGridLine)
     {
         m_type = SpanPosition;
-        m_integerPosition = position;
+        setIntegerPosition(position);
         m_namedGridLine = namedGridLine;
     }
 
@@ -122,7 +125,13 @@ public:
     {
         return isAuto() || isSpan();
     }
+
 private:
+    void setIntegerPosition(int integerPosition)
+    {
+        m_integerPosition = clampTo(integerPosition, -kGridMaxTracks, kGridMaxTracks);
+    }
+
     GridPositionType m_type;
     int m_integerPosition;
     String m_namedGridLine;
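Review bot: setIntegerPosition is now the single point where author-controlled integers enter GridPosition, and nothing records why it clamps rather than asserts, which invites a future "simplification"; a short comment such as `// Positions come straight from parsed CSS; clamp rather than ASSERT so oversized values (bug 166637) cannot reach the line/span arithmetic in the resolver.` would preserve the intent. The helper relies on clampTo from wtf/MathExtras.h, and the include block is outside the hunk, so confirm that header is already pulled in directly rather than through a transitive include. Note also that the symmetric clamp still lets negative and zero spans through setSpanPosition; that is unchanged behaviour and the CSS parser is presumably what rejects them, but the clamp should not be read as input validation. The class body continues outside the hunk.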
index 6b87705..8760d5a 100644 (file)
@@ -1,3 +1,20 @@
+2017-01-04  Manuel Rego Casasnovas  <rego@igalia.com>
+
+        [css-grid] Fix crash clamping grid lines
+        https://bugs.webkit.org/show_bug.cgi?id=166637
+
+        Reviewed by Darin Adler.
+
+        Creates new unit test to verify that the maximum tracks limit
+        is used in GridPosition too.
+
+        * TestWebKitAPI/PlatformEfl.cmake:
+        * TestWebKitAPI/PlatformGTK.cmake:
+        * TestWebKitAPI/PlatformWin.cmake:
+        * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
+        * TestWebKitAPI/Tests/WebCore/GridPosition.cpp: Added.
+        (TestWebKitAPI::TEST):
+
 2017-01-04  Wenson Hsieh  <wenson_hsieh@apple.com>
 
         Move editing history scripts to WebCore PrivateHeaders
index e1c3f18..7a9c814 100644 (file)
@@ -57,6 +57,7 @@ list(APPEND TestJavaScriptCore_LIBRARIES
 
 set(test_webcore_BINARIES
     CSSParser
+    GridPosition
     HTMLParserIdioms
     LayoutUnit
     URL
index 0e401d5..cff9676 100644 (file)
@@ -132,6 +132,7 @@ add_executable(TestWebCore
     ${TESTWEBKITAPI_DIR}/TestsController.cpp
     ${TESTWEBKITAPI_DIR}/Tests/WebCore/CSSParser.cpp
     ${TESTWEBKITAPI_DIR}/Tests/WebCore/FileSystem.cpp
+    ${TESTWEBKITAPI_DIR}/Tests/WebCore/GridPosition.cpp
     ${TESTWEBKITAPI_DIR}/Tests/WebCore/HTMLParserIdioms.cpp
     ${TESTWEBKITAPI_DIR}/Tests/WebCore/LayoutUnit.cpp
     ${TESTWEBKITAPI_DIR}/Tests/WebCore/PublicSuffix.cpp
index e30c4a3..757bb8d 100644 (file)
@@ -50,6 +50,7 @@ set(TestWebCoreLib_SOURCES
     ${TESTWEBKITAPI_DIR}/Tests/WebCore/FloatRect.cpp
     ${TESTWEBKITAPI_DIR}/Tests/WebCore/FloatPoint.cpp
     ${TESTWEBKITAPI_DIR}/Tests/WebCore/FloatSize.cpp
+    ${TESTWEBKITAPI_DIR}/Tests/WebCore/GridPosition.cpp
     ${TESTWEBKITAPI_DIR}/Tests/WebCore/HTMLParserIdioms.cpp
     ${TESTWEBKITAPI_DIR}/Tests/WebCore/IntRect.cpp
     ${TESTWEBKITAPI_DIR}/Tests/WebCore/IntPoint.cpp
index e409d18..4056424 100644 (file)
                835CF9671D25FCD6001A65D4 /* RestoreSessionStateWithoutNavigation.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 835CF9661D25FCD6001A65D4 /* RestoreSessionStateWithoutNavigation.cpp */; };
                837A35F11D9A1E7D00663C57 /* DownloadRequestBlobURL.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 837A35F01D9A1E6400663C57 /* DownloadRequestBlobURL.html */; };
                83CF1C301C4F1B8B00688447 /* StringUtilities.mm in Sources */ = {isa = PBXBuildFile; fileRef = 83CF1C2C1C4F19AE00688447 /* StringUtilities.mm */; };
+               8E4A85371E1D1AB200F53B0F /* GridPosition.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 8E4A85361E1D1AA100F53B0F /* GridPosition.cpp */; };
                930AD402150698D00067970F /* lots-of-text.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 930AD401150698B30067970F /* lots-of-text.html */; };
                9329AA291DE3F81E003ABD07 /* TextBreakIterator.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 9329AA281DE3F81E003ABD07 /* TextBreakIterator.cpp */; };
                932AE53D1D371047005DFFAF /* focus-inputs.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 93575C551D30366E000D604D /* focus-inputs.html */; };
                8A3AF93A16C9ED2700D248C1 /* ReloadPageAfterCrash.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ReloadPageAfterCrash.cpp; sourceTree = "<group>"; };
                8AA28C1916D2FA7B002FF4DB /* LoadPageOnCrash.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = LoadPageOnCrash.cpp; sourceTree = "<group>"; };
                8DD76FA10486AA7600D96B5E /* TestWebKitAPI */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = TestWebKitAPI; sourceTree = BUILT_PRODUCTS_DIR; };
+               8E4A85361E1D1AA100F53B0F /* GridPosition.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = GridPosition.cpp; sourceTree = "<group>"; };
                930AD401150698B30067970F /* lots-of-text.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = "lots-of-text.html"; sourceTree = "<group>"; };
                9329AA281DE3F81E003ABD07 /* TextBreakIterator.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = TextBreakIterator.cpp; sourceTree = "<group>"; };
                9331407B17B4419000F083B1 /* DidNotHandleKeyDown.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = DidNotHandleKeyDown.cpp; sourceTree = "<group>"; };
                440A1D3614A01000008A66F2 /* WebCore */ = {
                        isa = PBXGroup;
                        children = (
+                               8E4A85361E1D1AA100F53B0F /* GridPosition.cpp */,
                                CD89D0371C4EDB1300040A04 /* cocoa */,
                                7A909A6F1D877475007E10F8 /* AffineTransform.cpp */,
                                7A909A701D877475007E10F8 /* FloatPoint.cpp */,
                                7CCE7F0E1A411AE600447C4C /* ResizeReversePaginatedWebView.cpp in Sources */,
                                7CCE7F0F1A411AE600447C4C /* ResizeWindowAfterCrash.cpp in Sources */,
                                7CCE7F101A411AE600447C4C /* ResponsivenessTimerDoesntFireEarly.cpp in Sources */,
+                               8E4A85371E1D1AB200F53B0F /* GridPosition.cpp in Sources */,
                                7CCE7F111A411AE600447C4C /* RestoreSessionStateContainingFormData.cpp in Sources */,
                                7A909A811D877480007E10F8 /* IntPoint.cpp in Sources */,
                                835CF9671D25FCD6001A65D4 /* RestoreSessionStateWithoutNavigation.cpp in Sources */,
diff --git a/Tools/TestWebKitAPI/Tests/WebCore/GridPosition.cpp b/Tools/TestWebKitAPI/Tests/WebCore/GridPosition.cpp
new file mode 100644 (file)
index 0000000..b0d0b19
--- /dev/null
@@ -0,0 +1,75 @@
+/*
+ * Copyright (C) 2017 Igalia, S.L. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+
+#include <WebCore/GridPosition.h>
+
+namespace TestWebKitAPI {
+
+TEST(GridPositionTest, GridPositionLimits)
+{
+#if ENABLE(CSS_GRID_LAYOUT)
+
+    WebCore::GridPosition gridPosition;
+
+    gridPosition.setExplicitPosition(999999, "");
+    EXPECT_EQ(gridPosition.integerPosition(), 999999);
+    gridPosition.setExplicitPosition(1000000, "");
+    EXPECT_EQ(gridPosition.integerPosition(), 1000000);
+    gridPosition.setExplicitPosition(1000001, "");
+    EXPECT_EQ(gridPosition.integerPosition(), 1000000);
+    gridPosition.setExplicitPosition(INT_MAX, "");
+    EXPECT_EQ(gridPosition.integerPosition(), 1000000);
+    gridPosition.setExplicitPosition(-999999, "");
+    EXPECT_EQ(gridPosition.integerPosition(), -999999);
+    gridPosition.setExplicitPosition(-1000000, "");
+    EXPECT_EQ(gridPosition.integerPosition(), -1000000);
+    gridPosition.setExplicitPosition(-1000001, "");
+    EXPECT_EQ(gridPosition.integerPosition(), -1000000);
+    gridPosition.setExplicitPosition(INT_MIN, "");
+    EXPECT_EQ(gridPosition.integerPosition(), -1000000);
+
+    gridPosition.setSpanPosition(999999, "");
+    EXPECT_EQ(gridPosition.spanPosition(), 999999);
+    gridPosition.setSpanPosition(1000000, "");
+    EXPECT_EQ(gridPosition.spanPosition(), 1000000);
+    gridPosition.setSpanPosition(1000001, "");
+    EXPECT_EQ(gridPosition.spanPosition(), 1000000);
+    gridPosition.setSpanPosition(INT_MAX, "");
+    EXPECT_EQ(gridPosition.spanPosition(), 1000000);
+    gridPosition.setSpanPosition(-999999, "");
+    EXPECT_EQ(gridPosition.spanPosition(), -999999);
+    gridPosition.setSpanPosition(-1000000, "");
+    EXPECT_EQ(gridPosition.spanPosition(), -1000000);
+    gridPosition.setSpanPosition(-1000001, "");
+    EXPECT_EQ(gridPosition.spanPosition(), -1000000);
+    gridPosition.setSpanPosition(INT_MIN, "");
+    EXPECT_EQ(gridPosition.spanPosition(), -1000000);
+
+#endif // ENABLE(CSS_GRID_LAYOUT)
+}
+
+} // namespace TestWebKitAPI
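Review bot: The expected values repeat the literal 1000000 eight times instead of naming the limit the test exists to verify; `EXPECT_EQ(gridPosition.integerPosition(), WebCore::kGridMaxTracks);` and `-WebCore::kGridMaxTracks` for the clamped cases would tie the test to the constant it checks and leave only the boundary probes (999999, 1000000, -1000000) as literals. INT_MAX and INT_MIN are used without an explicit `<climits>` include; it likely arrives via config.h, but an explicit include keeps the test self-contained. Nothing checks that clamping leaves the position type intact, so an `EXPECT_TRUE(gridPosition.isSpan());` after the clamped span cases would be a cheap addition.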