third_party/WebKit/Source/core/layout/LayoutText.cpp - Issue 2345633007: Don't overflow in LayoutText::width() on a huge length.

Unified Diff: third_party/WebKit/Source/core/layout/LayoutText.cpp

Issue 2345633007: Don't overflow in LayoutText::width() on a huge length. (Closed)

Patch Set: Created 4 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

Index: third_party/WebKit/Source/core/layout/LayoutText.cpp

diff --git a/third_party/WebKit/Source/core/layout/LayoutText.cpp b/third_party/WebKit/Source/core/layout/LayoutText.cpp

index 2dbaf857cf174032c1a2b13fbfcf7879d8ff693e..b431130e8a97f12c518bd2a29eae4af6847ac5f7 100644

--- a/third_party/WebKit/Source/core/layout/LayoutText.cpp

+++ b/third_party/WebKit/Source/core/layout/LayoutText.cpp

@@ -1575,7 +1575,7 @@ float LayoutText::width(unsigned from, unsigned len, LayoutUnit xPos, TextDirect

if (from >= textLength())

return 0;

- if (from + len > textLength())

+ if (len > textLength() || from + len > textLength())

len = textLength() - from;

return width(from, len, style(firstLine)->font(), xPos, textDirection, fallbackFonts, glyphBounds);

@@ -1587,6 +1587,8 @@ float LayoutText::width(unsigned from, unsigned len, const Font& f, LayoutUnit x

if (!textLength())

return 0;

+ // TODO(wkorman): Incorporate constraints around |from| and |len| in the preceding variant of width() here.

wkorman 2016/09/17 00:17:22 Seeking feedback on this. AFAICT this method varia

eae 2016/09/17 08:35:51 The other method calls this one with style(firstLi

wkorman 2016/09/17 21:16:42 That's true, but this method is exposed and can be

float w;

if (&f == &style()->font()) {

if (!style()->preserveNewline() && !from && len == textLength()) {