[Webkit-unassigned] [Bug 38680] FloatRect::enclosingIntRect performs unsafe type conversion float -> int

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri May 7 15:03:03 PDT 2010


https://bugs.webkit.org/show_bug.cgi?id=38680





--- Comment #2 from W. James MacLean <wjmaclean at chromium.org>  2010-05-07 15:03:03 PST ---
(In reply to comment #1)
> The incorrect result is what is currently checked in as an expected result. Why
> is it incorrect?

I assume we're both looking at

http://trac.webkit.org/browser/trunk/LayoutTests/platform/mac/svg/custom/mask-excessive-malloc-expected.txt

If you modify mask-excessive-malloc.svg so the rect has dimensions in the range
of int, and dump the results render tree, you will find the size of the
RenderPath (line 6) is 800x600, not 0x0. I.e. it clips to the size of the view
port. If you fix the float -> int conversions so that values greater than the
max int 2147483647 are clipped to 2147483647 (which is one reasonable
approach), then the size will be computed as 800x600. The 0x0 size seems to
occur when very large positive floats get erroneously converted to -2147483648,
which gets clipped to 0 for lengths such as height and width.

I am going to request this bug be deleted, as it seems to have been created
twice (the more up-to-date version being 38684).

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
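
The clamping approach described in the comment above, as an added example that is not WebKit's code and not part of the original message: `clampToInt`, `clipLengthToViewport` and `clippedSize` are hypothetical names, a 32-bit `int` is assumed, and the 1e10 dimensions are constructed sample input.

```cpp
#include <algorithm>
#include <cmath>
#include <cstdio>
#include <limits>

static_assert(sizeof(int) == 4, "example assumes a 32-bit int");

// Hypothetical helper: saturating float -> int conversion.
// A plain static_cast<int>(f) is undefined behaviour when f is outside the
// range of int; the comment reports -2147483648 as the observed result.
int clampToInt(float f)
{
    if (std::isnan(f))
        return 0; // assumption: NaN maps to 0
    // 2147483647 is not representable as a float; the nearest float is 2^31.
    // Compare against 2^31 with >=, otherwise f == 2^31 slips through.
    const float twoPow31 = 2147483648.0f;
    if (f >= twoPow31)
        return std::numeric_limits<int>::max();
    if (f <= -twoPow31)
        return std::numeric_limits<int>::min();
    return static_cast<int>(f); // in range: truncates toward zero
}

// Hypothetical stand-in for clipping a width or height to the viewport:
// negative lengths become 0, large ones become the viewport extent.
int clipLengthToViewport(int length, int viewport)
{
    return std::min(std::max(length, 0), viewport);
}

struct Size { int width; int height; };

Size clippedSize(float w, float h, int viewW, int viewH)
{
    return { clipLengthToViewport(clampToInt(w), viewW),
             clipLengthToViewport(clampToInt(h), viewH) };
}

int main()
{
    // Constructed input: dimensions far beyond the range of int.
    Size fixed = clippedSize(1e10f, 1e10f, 800, 600);
    // The wrapped value from the comment, fed through the same clipping.
    int wrapped = clipLengthToViewport(std::numeric_limits<int>::min(), 800);
    std::printf("saturated: %dx%d, wrapped width: %d\n",
                fixed.width, fixed.height, wrapped);
    return 0;
}
```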


