Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(264)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/layout/LayoutTableSection.cpp

Issue 1162243004: Check for buffer under/over run in table cell painting (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Revert changes and add asserts to verify correctness Created 5 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 1997 Martin Jones (mjones@kde.org) 2 * Copyright (C) 1997 Martin Jones (mjones@kde.org)
3 * (C) 1997 Torben Weis (weis@kde.org) 3 * (C) 1997 Torben Weis (weis@kde.org)
4 * (C) 1998 Waldo Bastian (bastian@kde.org) 4 * (C) 1998 Waldo Bastian (bastian@kde.org)
5 * (C) 1999 Lars Knoll (knoll@kde.org) 5 * (C) 1999 Lars Knoll (knoll@kde.org)
6 * (C) 1999 Antti Koivisto (koivisto@kde.org) 6 * (C) 1999 Antti Koivisto (koivisto@kde.org)
7 * Copyright (C) 2003, 2004, 2005, 2006, 2008, 2009, 2010, 2013 Apple Inc. All r ights reserved. 7 * Copyright (C) 2003, 2004, 2005, 2006, 2008, 2009, 2010, 2013 Apple Inc. All r ights reserved.
8 * Copyright (C) 2006 Alexey Proskuryakov (ap@nypop.com) 8 * Copyright (C) 2006 Alexey Proskuryakov (ap@nypop.com)
9 * 9 *
10 * This library is free software; you can redistribute it and/or 10 * This library is free software; you can redistribute it and/or
(...skipping 1279 matching lines...) Expand 10 before | Expand all | Expand 10 after
1290 return tableAlignedRect; 1290 return tableAlignedRect;
1291 } 1291 }
1292 1292
1293 CellSpan LayoutTableSection::dirtiedRows(const LayoutRect& damageRect) const 1293 CellSpan LayoutTableSection::dirtiedRows(const LayoutRect& damageRect) const
1294 { 1294 {
1295 if (m_forceSlowPaintPathWithOverflowingCell) 1295 if (m_forceSlowPaintPathWithOverflowingCell)
1296 return fullTableRowSpan(); 1296 return fullTableRowSpan();
1297 1297
1298 CellSpan coveredRows = spannedRows(damageRect); 1298 CellSpan coveredRows = spannedRows(damageRect);
1299 1299
1300 // To issue paint invalidations for the border we might need to paint invali date the first or last row even if they are not spanned themselves. 1300 // To issue paint invalidations for the border we might need to paint invali date the first
1301 if (coveredRows.start() >= m_rowPos.size() - 1 && m_rowPos[m_rowPos.size() - 1] + table()->outerBorderAfter() >= damageRect.y()) 1301 // or last row even if they are not spanned themselves.
1302 RELEASE_ASSERT(coveredRows.start() < m_rowPos.size());
1303 if (coveredRows.start() == m_rowPos.size() - 1
1304 && m_rowPos[m_rowPos.size() - 1] + table()->outerBorderAfter() >= damage Rect.y())
1302 coveredRows.decreaseStart(); 1305 coveredRows.decreaseStart();
1303 1306
1304 if (!coveredRows.end() && m_rowPos[0] - table()->outerBorderBefore() <= dama geRect.maxY()) 1307 if (!coveredRows.end()
1308 && m_rowPos[0] - table()->outerBorderBefore() <= damageRect.maxY())
1305 coveredRows.increaseEnd(); 1309 coveredRows.increaseEnd();
1306 1310
1311 RELEASE_ASSERT(coveredRows.start() >= 0 && coveredRows.start() <= m_grid.siz e());
1312 RELEASE_ASSERT(coveredRows.end() >= 0 && coveredRows.end() <= m_grid.size()) ;
1313 RELEASE_ASSERT(coveredRows.start() <= coveredRows.end());
1314
1307 return coveredRows; 1315 return coveredRows;
1308 } 1316 }
1309 1317
1310 CellSpan LayoutTableSection::dirtiedColumns(const LayoutRect& damageRect) const 1318 CellSpan LayoutTableSection::dirtiedColumns(const LayoutRect& damageRect) const
1311 { 1319 {
1312 if (m_forceSlowPaintPathWithOverflowingCell) 1320 if (m_forceSlowPaintPathWithOverflowingCell)
1313 return fullTableColumnSpan(); 1321 return fullTableColumnSpan();
1314 1322
1315 CellSpan coveredColumns = spannedColumns(damageRect); 1323 CellSpan coveredColumns = spannedColumns(damageRect);
1316 1324
1317 const Vector<int>& columnPos = table()->columnPositions(); 1325 const Vector<int>& columnPos = table()->columnPositions();
1318 // To issue paint invalidations for the border we might need to paint invali date the first or last column even if they are not spanned themselves. 1326 // To issue paint invalidations for the border we might need to paint invali date the first
1319 if (coveredColumns.start() >= columnPos.size() - 1 && columnPos[columnPos.si ze() - 1] + table()->outerBorderEnd() >= damageRect.x()) 1327 // or last column even if they are not spanned themselves.
1328 RELEASE_ASSERT(coveredColumns.start() < columnPos.size());
1329 if (coveredColumns.start() == columnPos.size() - 1
1330 && columnPos[columnPos.size() - 1] + table()->outerBorderEnd() >= damage Rect.x())
1320 coveredColumns.decreaseStart(); 1331 coveredColumns.decreaseStart();
1321 1332
1322 if (!coveredColumns.end() && columnPos[0] - table()->outerBorderStart() <= d amageRect.maxX()) 1333 if (!coveredColumns.end()
1334 && columnPos[0] - table()->outerBorderStart() <= damageRect.maxX())
1323 coveredColumns.increaseEnd(); 1335 coveredColumns.increaseEnd();
1324 1336
1337 RELEASE_ASSERT(coveredColumns.start() >= 0 && coveredColumns.start() <= tabl e()->numEffCols());
1338 RELEASE_ASSERT(coveredColumns.end() >= 0 && coveredColumns.end() <= table()- >numEffCols());
1339 RELEASE_ASSERT(coveredColumns.start() <= coveredColumns.end());
Julien - ping for review 2015/06/08 15:23:47 This code is repeated twice so I think it ought to
1340
1325 return coveredColumns; 1341 return coveredColumns;
1326 } 1342 }
1327 1343
1328 CellSpan LayoutTableSection::spannedRows(const LayoutRect& flippedRect) const 1344 CellSpan LayoutTableSection::spannedRows(const LayoutRect& flippedRect) const
1329 { 1345 {
1330 // Find the first row that starts after rect top. 1346 // Find the first row that starts after rect top.
1331 unsigned nextRow = std::upper_bound(m_rowPos.begin(), m_rowPos.end(), flippe dRect.y()) - m_rowPos.begin(); 1347 unsigned nextRow = std::upper_bound(m_rowPos.begin(), m_rowPos.end(), flippe dRect.y()) - m_rowPos.begin();
1332 1348
1333 if (nextRow == m_rowPos.size()) 1349 if (nextRow == m_rowPos.size())
1334 return CellSpan(m_rowPos.size() - 1, m_rowPos.size() - 1); // After all rows. 1350 return CellSpan(m_rowPos.size() - 1, m_rowPos.size() - 1); // After all rows.
(...skipping 293 matching lines...) Expand 10 before | Expand all | Expand 10 after
1628 // FIXME: The table's direction should determine our row's direction, not th e section's (see bug 96691). 1644 // FIXME: The table's direction should determine our row's direction, not th e section's (see bug 96691).
1629 if (!style()->isLeftToRightDirection()) 1645 if (!style()->isLeftToRightDirection())
1630 cellLocation.setX(table()->columnPositions()[table()->numEffCols()] - ta ble()->columnPositions()[table()->colToEffCol(cell->col() + cell->colSpan())] + horizontalBorderSpacing); 1646 cellLocation.setX(table()->columnPositions()[table()->numEffCols()] - ta ble()->columnPositions()[table()->colToEffCol(cell->col() + cell->colSpan())] + horizontalBorderSpacing);
1631 else 1647 else
1632 cellLocation.setX(table()->columnPositions()[effectiveColumn] + horizont alBorderSpacing); 1648 cellLocation.setX(table()->columnPositions()[effectiveColumn] + horizont alBorderSpacing);
1633 1649
1634 cell->setLogicalLocation(cellLocation); 1650 cell->setLogicalLocation(cellLocation);
1635 } 1651 }
1636 1652
1637 } // namespace blink 1653 } // namespace blink
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698