Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(125)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/layout/LayoutTableSection.cpp

Issue 1162243004: Check for buffer under/over run in table cell painting (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Extract common code Created 5 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « Source/core/layout/LayoutTableSection.h ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 1997 Martin Jones (mjones@kde.org) 2 * Copyright (C) 1997 Martin Jones (mjones@kde.org)
3 * (C) 1997 Torben Weis (weis@kde.org) 3 * (C) 1997 Torben Weis (weis@kde.org)
4 * (C) 1998 Waldo Bastian (bastian@kde.org) 4 * (C) 1998 Waldo Bastian (bastian@kde.org)
5 * (C) 1999 Lars Knoll (knoll@kde.org) 5 * (C) 1999 Lars Knoll (knoll@kde.org)
6 * (C) 1999 Antti Koivisto (koivisto@kde.org) 6 * (C) 1999 Antti Koivisto (koivisto@kde.org)
7 * Copyright (C) 2003, 2004, 2005, 2006, 2008, 2009, 2010, 2013 Apple Inc. All r ights reserved. 7 * Copyright (C) 2003, 2004, 2005, 2006, 2008, 2009, 2010, 2013 Apple Inc. All r ights reserved.
8 * Copyright (C) 2006 Alexey Proskuryakov (ap@nypop.com) 8 * Copyright (C) 2006 Alexey Proskuryakov (ap@nypop.com)
9 * 9 *
10 * This library is free software; you can redistribute it and/or 10 * This library is free software; you can redistribute it and/or
(...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after
71 if (cRowLogicalHeight.type() < Percent 71 if (cRowLogicalHeight.type() < Percent
72 || (cRowLogicalHeight.isFixed() && cRowLogicalHeight.value() < l ogicalHeight.value())) 72 || (cRowLogicalHeight.isFixed() && cRowLogicalHeight.value() < l ogicalHeight.value()))
73 row.logicalHeight = logicalHeight; 73 row.logicalHeight = logicalHeight;
74 break; 74 break;
75 default: 75 default:
76 break; 76 break;
77 } 77 }
78 } 78 }
79 } 79 }
80 80
81 void CellSpan::ensureConsistency(const unsigned maximumSpanSize)
82 {
83 RELEASE_ASSERT(m_start >= 0 && m_start <= maximumSpanSize);
84 RELEASE_ASSERT(m_end >= 0 && m_end <= maximumSpanSize);
85 RELEASE_ASSERT(m_start <= m_end);
86 }
87
81 LayoutTableSection::LayoutTableSection(Element* element) 88 LayoutTableSection::LayoutTableSection(Element* element)
82 : LayoutBox(element) 89 : LayoutBox(element)
83 , m_cCol(0) 90 , m_cCol(0)
84 , m_cRow(0) 91 , m_cRow(0)
85 , m_outerBorderStart(0) 92 , m_outerBorderStart(0)
86 , m_outerBorderEnd(0) 93 , m_outerBorderEnd(0)
87 , m_outerBorderBefore(0) 94 , m_outerBorderBefore(0)
88 , m_outerBorderAfter(0) 95 , m_outerBorderAfter(0)
89 , m_needsCellRecalc(false) 96 , m_needsCellRecalc(false)
90 , m_forceSlowPaintPathWithOverflowingCell(false) 97 , m_forceSlowPaintPathWithOverflowingCell(false)
(...skipping 1199 matching lines...) Expand 10 before | Expand all | Expand 10 after
1290 return tableAlignedRect; 1297 return tableAlignedRect;
1291 } 1298 }
1292 1299
1293 CellSpan LayoutTableSection::dirtiedRows(const LayoutRect& damageRect) const 1300 CellSpan LayoutTableSection::dirtiedRows(const LayoutRect& damageRect) const
1294 { 1301 {
1295 if (m_forceSlowPaintPathWithOverflowingCell) 1302 if (m_forceSlowPaintPathWithOverflowingCell)
1296 return fullTableRowSpan(); 1303 return fullTableRowSpan();
1297 1304
1298 CellSpan coveredRows = spannedRows(damageRect); 1305 CellSpan coveredRows = spannedRows(damageRect);
1299 1306
1300 // To issue paint invalidations for the border we might need to paint invali date the first or last row even if they are not spanned themselves. 1307 // To issue paint invalidations for the border we might need to paint invali date the first
1301 if (coveredRows.start() >= m_rowPos.size() - 1 && m_rowPos[m_rowPos.size() - 1] + table()->outerBorderAfter() >= damageRect.y()) 1308 // or last row even if they are not spanned themselves.
1309 RELEASE_ASSERT(coveredRows.start() < m_rowPos.size());
1310 if (coveredRows.start() == m_rowPos.size() - 1
1311 && m_rowPos[m_rowPos.size() - 1] + table()->outerBorderAfter() >= damage Rect.y())
1302 coveredRows.decreaseStart(); 1312 coveredRows.decreaseStart();
1303 1313
1304 if (!coveredRows.end() && m_rowPos[0] - table()->outerBorderBefore() <= dama geRect.maxY()) 1314 if (!coveredRows.end()
1315 && m_rowPos[0] - table()->outerBorderBefore() <= damageRect.maxY())
1305 coveredRows.increaseEnd(); 1316 coveredRows.increaseEnd();
1306 1317
1318 coveredRows.ensureConsistency(m_grid.size());
1319
1307 return coveredRows; 1320 return coveredRows;
1308 } 1321 }
1309 1322
1310 CellSpan LayoutTableSection::dirtiedColumns(const LayoutRect& damageRect) const 1323 CellSpan LayoutTableSection::dirtiedColumns(const LayoutRect& damageRect) const
1311 { 1324 {
1312 if (m_forceSlowPaintPathWithOverflowingCell) 1325 if (m_forceSlowPaintPathWithOverflowingCell)
1313 return fullTableColumnSpan(); 1326 return fullTableColumnSpan();
1314 1327
1315 CellSpan coveredColumns = spannedColumns(damageRect); 1328 CellSpan coveredColumns = spannedColumns(damageRect);
1316 1329
1317 const Vector<int>& columnPos = table()->columnPositions(); 1330 const Vector<int>& columnPos = table()->columnPositions();
1318 // To issue paint invalidations for the border we might need to paint invali date the first or last column even if they are not spanned themselves. 1331 // To issue paint invalidations for the border we might need to paint invali date the first
1319 if (coveredColumns.start() >= columnPos.size() - 1 && columnPos[columnPos.si ze() - 1] + table()->outerBorderEnd() >= damageRect.x()) 1332 // or last column even if they are not spanned themselves.
1333 RELEASE_ASSERT(coveredColumns.start() < columnPos.size());
1334 if (coveredColumns.start() == columnPos.size() - 1
1335 && columnPos[columnPos.size() - 1] + table()->outerBorderEnd() >= damage Rect.x())
1320 coveredColumns.decreaseStart(); 1336 coveredColumns.decreaseStart();
1321 1337
1322 if (!coveredColumns.end() && columnPos[0] - table()->outerBorderStart() <= d amageRect.maxX()) 1338 if (!coveredColumns.end()
1339 && columnPos[0] - table()->outerBorderStart() <= damageRect.maxX())
1323 coveredColumns.increaseEnd(); 1340 coveredColumns.increaseEnd();
1324 1341
1342 coveredColumns.ensureConsistency(table()->numEffCols());
1343
1325 return coveredColumns; 1344 return coveredColumns;
1326 } 1345 }
1327 1346
1328 CellSpan LayoutTableSection::spannedRows(const LayoutRect& flippedRect) const 1347 CellSpan LayoutTableSection::spannedRows(const LayoutRect& flippedRect) const
1329 { 1348 {
1330 // Find the first row that starts after rect top. 1349 // Find the first row that starts after rect top.
1331 unsigned nextRow = std::upper_bound(m_rowPos.begin(), m_rowPos.end(), flippe dRect.y()) - m_rowPos.begin(); 1350 unsigned nextRow = std::upper_bound(m_rowPos.begin(), m_rowPos.end(), flippe dRect.y()) - m_rowPos.begin();
1332 1351
1333 if (nextRow == m_rowPos.size()) 1352 if (nextRow == m_rowPos.size())
1334 return CellSpan(m_rowPos.size() - 1, m_rowPos.size() - 1); // After all rows. 1353 return CellSpan(m_rowPos.size() - 1, m_rowPos.size() - 1); // After all rows.
(...skipping 293 matching lines...) Expand 10 before | Expand all | Expand 10 after
1628 // FIXME: The table's direction should determine our row's direction, not th e section's (see bug 96691). 1647 // FIXME: The table's direction should determine our row's direction, not th e section's (see bug 96691).
1629 if (!style()->isLeftToRightDirection()) 1648 if (!style()->isLeftToRightDirection())
1630 cellLocation.setX(table()->columnPositions()[table()->numEffCols()] - ta ble()->columnPositions()[table()->colToEffCol(cell->col() + cell->colSpan())] + horizontalBorderSpacing); 1649 cellLocation.setX(table()->columnPositions()[table()->numEffCols()] - ta ble()->columnPositions()[table()->colToEffCol(cell->col() + cell->colSpan())] + horizontalBorderSpacing);
1631 else 1650 else
1632 cellLocation.setX(table()->columnPositions()[effectiveColumn] + horizont alBorderSpacing); 1651 cellLocation.setX(table()->columnPositions()[effectiveColumn] + horizont alBorderSpacing);
1633 1652
1634 cell->setLogicalLocation(cellLocation); 1653 cell->setLogicalLocation(cellLocation);
1635 } 1654 }
1636 1655
1637 } // namespace blink 1656 } // namespace blink
OLDNEW
« no previous file with comments | « Source/core/layout/LayoutTableSection.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698