Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(303)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: third_party/WebKit/Source/core/layout/LayoutBox.cpp

Issue 2716583002: Avoid negative content box sizes. (Closed)
Patch Set: Created 3 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« third_party/WebKit/LayoutTests/fast/block/large-border-abspos.html ('K') | « third_party/WebKit/Source/core/layout/LayoutBox.h ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/WebKit/Source/core/layout/LayoutBox.cpp
diff --git a/third_party/WebKit/Source/core/layout/LayoutBox.cpp b/third_party/WebKit/Source/core/layout/LayoutBox.cpp
index 0f73e71f2bfdf2ea81033d14418d0ec145e8998f..d0c50bb6557254eca3fd3ada191fc8a19f6ba0c6 100644
--- a/third_party/WebKit/Source/core/layout/LayoutBox.cpp
+++ b/third_party/WebKit/Source/core/layout/LayoutBox.cpp
@@ -509,14 +509,24 @@ void LayoutBox::layout() {
// an object excluding border and scrollbar.
DISABLE_CFI_PERF
LayoutUnit LayoutBox::clientWidth() const {
- return m_frameRect.width() - borderLeft() - borderRight() -
- verticalScrollbarWidth();
+ // We need to guard against ill effects of saturated arithmetic here. The sum
+ // of the two border sides may be larger than the border box size stored in
mstensho (USE GERRIT) 2017/02/23 13:35:09 This was true when I started working on this patch
eae 2017/02/23 15:54:37 Fully agree that we should keep the check. Please
mstensho (USE GERRIT) 2017/02/23 17:42:08 Good idea! Done.
+ // m_frameRect (since they are all LayoutUnit values). Furthermore, the
+ // scrollbar may be wider than the padding box.
+ return (m_frameRect.width() - borderLeft() - borderRight() -
+ verticalScrollbarWidth())
+ .clampNegativeToZero();
}
DISABLE_CFI_PERF
LayoutUnit LayoutBox::clientHeight() const {
- return m_frameRect.height() - borderTop() - borderBottom() -
- horizontalScrollbarHeight();
+ // We need to guard against ill effects of saturated arithmetic here. The sum
+ // of the two border sides may be larger than the border box size stored in
+ // m_frameRect (since they are all LayoutUnit values). Furthermore, the
+ // scrollbar may be wider than the padding box.
+ return (m_frameRect.height() - borderTop() - borderBottom() -
+ horizontalScrollbarHeight())
+ .clampNegativeToZero();
}
int LayoutBox::pixelSnappedClientWidth() const {
« third_party/WebKit/LayoutTests/fast/block/large-border-abspos.html ('K') | « third_party/WebKit/Source/core/layout/LayoutBox.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698