ui/gfx/geometry/rect.h - Issue 2354783004: Fix overflow/underflow in gfx geometry once and for all

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: ui/gfx/geometry/rect.h

Issue 2354783004: Fix overflow/underflow in gfx geometry once and for all (Closed)

Patch Set: Now with more tests Created 4 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: ui/gfx/geometry/rect.h

diff --git a/ui/gfx/geometry/rect.h b/ui/gfx/geometry/rect.h

index 17266fe03fb7c3f385df26746ff660e466087820..2d3119e8eaedcb13a0a5fdea6b000dcc117e90cd 100644

--- a/ui/gfx/geometry/rect.h

+++ b/ui/gfx/geometry/rect.h

@@ -16,9 +16,9 @@

#include <iosfwd>

#include <string>

-#include "base/numerics/safe_conversions.h"

#include "build/build_config.h"

#include "ui/gfx/geometry/point.h"

+#include "ui/gfx/geometry/safe_integer_conversions.h"

#include "ui/gfx/geometry/size.h"

#include "ui/gfx/geometry/vector2d.h"

@@ -207,24 +207,18 @@ class GFX_EXPORT Rect {

gfx::Size size_;

// Clamp the size to avoid integer overflow in bottom() and right().

- // There are three conditions to determine whether there is a potential

- // overflow:

- // 1) Origin > 0: if the origin is a negative value, origin + size will

- // definitely be less than int_max.

- // 2) size > 0: if size <= 0, it will be clamped to 0 making x + 0 valid for

- // all x.

- // 3) We cast the values to unsigned int because the compiler can optimize

- // this check away entirely but it is not smart enough to know that it

- // won't overflow. It can't overflow since origin is positive ensured by

- // part 1). If size > int_max - origin it will overflow when added to

- // origin.

+ // This returns the width given an origin and a width.

static constexpr int GetClampedValue(int origin, int size) {

- return origin > 0 && size > 0 &&

- static_cast<unsigned>(std::numeric_limits<int>::max() -

- origin) < static_cast<unsigned>(size)

+ return AddWouldOverflow(origin, size)

? std::numeric_limits<int>::max() - origin

: size;

}

+ // Returns a clamped width given a right and a left, assuming right > left.

+ static constexpr int GetClampedWidthFromExtents(int left, int right) {

+ return SubtractWouldOverflow(right, left) ? std::numeric_limits<int>::max()

+ : right - left;

+ }

};

inline bool operator==(const Rect& lhs, const Rect& rhs) {

« no previous file with comments | « ui/gfx/geometry/point_unittest.cc ('k') | ui/gfx/geometry/rect.cc » ('j') | ui/gfx/geometry/rect.cc » ('J')