[webkit-changes] [WebKit/WebKit] d16c8e: Avoid uint64_t overflow in Decimal::operator/() an...

Tue Dec 20 18:49:41 PST 2022

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: d16c8e20b19ef4903f1dd85056d5f6ad0353d36d
      https://github.com/WebKit/WebKit/commit/d16c8e20b19ef4903f1dd85056d5f6ad0353d36d
  Author: Ahmad Saleem <ahmad.saleem792+github at gmail.com>
  Date:   2022-12-20 (Tue, 20 Dec 2022)

  Changed paths:
    A LayoutTests/fast/forms/range/input-range-progress-indicator-overflow-expected.html
    A LayoutTests/fast/forms/range/input-range-progress-indicator-overflow.html
    M Source/WebCore/platform/Decimal.cpp

  Log Message:
  -----------
  Avoid uint64_t overflow in Decimal::operator/() and fix static MaxCoefficient value

Avoid uint64_t overflow in Decimal::operator/() and fix static MaxCoefficient value
https://bugs.webkit.org/show_bug.cgi?id=248784

Reviewed by Darin Adler.

Merge - https://src.chromium.org/viewvc/blink?view=revision&revision=191294 & https://src.chromium.org/viewvc/blink?view=revision&revision=174294

This patch changes Decimal::operator/() not to cause uint64_t overflow in
multiplication and addition during calculating quotient. Original code
wrongly assumed each division loop generate at most two digits, by
|MaxCoefficient < 100|, however this assumption is wrong such as
50,000 / 99,9999.

Additionally, it also update MaxCoefficient static variable value in Decimal.cpp to match the Precision
and the corresponding comment about using 18 as precision.

* Source/WebCore/platform/Decimal.cpp:
- Update "MaxCoefficient" static variable
(Decimal:operator/): Update "divisor" function to account for overflow in multiplication and addition
(Decimal::ceiling): Fixes assertion failure
* LayoutTests/fast/range/input-range-progress-indicator-overflow.html: Add Test Case
* LayoutTests/fast/range/input-range-progress-indicator-overflow-expected.html: Add Test Case Expectation

Canonical link: https://commits.webkit.org/258174@main