[Webkit-unassigned] [Bug 95776] New: REGRESSION(r120832): RenderLayer::clampScrollOffset doesn't properly clamp

Tue Sep 4 13:24:46 PDT 2012

https://bugs.webkit.org/show_bug.cgi?id=95776

           Summary: REGRESSION(r120832): RenderLayer::clampScrollOffset
                    doesn't properly clamp
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
        OS/Version: All
            Status: NEW
          Keywords: Regression
          Severity: Normal
          Priority: P2
         Component: Layout and Rendering
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: jchaffraix at webkit.org
                CC: eric at webkit.org, simon.fraser at apple.com

Created an attachment (id=162092)
 --> (https://bugs.webkit.org/attachment.cgi?id=162092&action=review)
Manual test case

When refactoring the clamping logic into clampScrollOffset as part of r120832, the different clipping logics were consolidated into the new function. Unfortunately the old code would wrongly clamp the values:

int x = min(max(scrollOffset.width(), 0), maxX);
int y = min(max(scrollOffset.height(), 0), maxY);

Note that because we apply the min last, we cannot guarantee that x and y are positive as nothing prevents maxX / maxY from being negative.

r120832 exposed the bug to RenderLayer::scrollRectToVisible which was doing the proper clamping.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.