[Webkit-unassigned] [Bug 67139] New: Early return in CSSPrimitiveValue::getDoubleValueInternal() omits additional invalid enums

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Aug 29 10:37:13 PDT 2011 

https://bugs.webkit.org/show_bug.cgi?id=67139

           Summary: Early return in
                    CSSPrimitiveValue::getDoubleValueInternal() omits
                    additional invalid enums
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: CSS
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: ddkilzer at webkit.org
                CC: simon.fraser at apple.com, apavlov at chromium.org


* SUMMARY
The early return code in CSSPrimitiveValue::getDoubleValueInternal() in CSSPrimitiveValue.cpp ignores the newly added CSS_COUNTER_NAME enum because it checks for currently-known illegal values instead of currently-known legal values.

Current code:

bool CSSPrimitiveValue::getDoubleValueInternal(UnitTypes requestedUnitType, double* result) const
{
    if (m_type < CSS_NUMBER || (m_type > CSS_DIMENSION && m_type < CSS_TURN) || requestedUnitType < CSS_NUMBER || (requestedUnitType > CSS_DIMENSION && requestedUnitType < CSS_TURN))
        return false;

Instead it should do something like this:

bool CSSPrimitiveValue::getDoubleValueInternal(UnitTypes requestedUnitType, double* result) const
{
    if (!isValidCSSUnitTypeForDoubleConversion(m_type) || !isValidCSSUnitTypeForDoubleConversion(requestedUnitType))
        return false;

And then have a static inline method that handles all of them with a switch statement (so that you get a compiler warning if a new CSSPrimitiveValue::UnitTypes enum is added that isn't in the list:

static inline bool isValidCSSUnitTypeForDoubleConversion(UnitTypes unitType)
{
    switch (unitType) {
    case CSS_UNKNOWN:
        return false;
    case CSS_NUMBER:
    ...
    case CSS_DIMENSION:
        return true;
    case CSS_STRING:
    ...
    case CSS_PARSER_IDENTIFIER:
        return false;
    case CSS_TURN:
    case CSS_REMS:
        return true;
    case CSS_COUNTER_NAME:
    case CSS_FROM_FLOW:
    case CSS_SHAPE:
        return false;
    }

    ASSERT_NOT_REACHED();
    return false;
}

The original code was added in ToT WebKit r72189.  <http://trac.webkit.org/changeset/72189>

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list