Closed
Bug 1135677
Opened 9 years ago
Closed 9 years ago
BaseRect::Intersect returns incorrect result in the face of overflow
Categories
(Core :: Graphics, defect)
Core
Graphics
Tracking
()
RESOLVED
FIXED
mozilla39
People
(Reporter: kats, Assigned: BenWa)
References
(Blocks 1 open bug)
Details
Attachments
(1 file, 1 obsolete file)
|
2.98 KB,
patch
|
bas.schouten
:
review+
kats
:
feedback+
bajaj
:
approval-mozilla-b2g34+
bajaj
:
approval-mozilla-b2g37+
|
Details | Diff | Splinter Review |
As part of fixing bug 1134762 I uncovered the following bug: nsRect aDirtyRect is x=1073741344, y=1073741344, w=1073756696, h=1073819936 nsRect mScrollPort is x=1073741820, y=1073741820, w=14400, h=77640 dirtyRect = aDirtyRect.Intersect(mScrollPort) dirtyRect is expected to be x=1073741820, y=1073741820, w=14400, h=77640 dirtyRect is actually x=1073741820, y=1073741820, w=1073756220, h=1073819460
|
Reporter | |
Comment 1•9 years ago
|
||
Attachment #8567934 -
Flags: review?(bas)
|
|
Reporter | |
Comment 2•9 years ago
|
||
Comment on attachment 8567934 [details] [diff] [review] Patch Actually this patch isn't right because there may be legitimate cases where XMost() < 0 (for example if the x coord is negative). However I'd still like feedback on whether this sort of fix is reasonable. It looks like a lot of code in BaseRect is subject to problems when XMost() overflows and I'm not sure if we want a more systemic approach to dealing with this.
Attachment #8567934 -
Flags: review?(bas) → feedback?(bas)
|
Assignee | |
Comment 3•9 years ago
|
||
This fixes the crashtest and passes the gtest locally.
Attachment #8568066 -
Flags: feedback?(bugmail.mozilla)
|
|
Reporter | |
Comment 4•9 years ago
|
||
Comment on attachment 8568066 [details] [diff] [review] alternative patch Review of attachment 8568066 [details] [diff] [review]: ----------------------------------------------------------------- This seems reasonable to fix this specific problem and I'm fine with landing this but I think overall clamping XMost()/YMost() as you suggested might be a better approach.
Attachment #8568066 -
Flags: feedback?(bugmail.mozilla) → feedback+
|
|
Assignee | |
Comment 5•9 years ago
|
||
Perhaps we should do the XMost/YMost clamp change separately from this. This has very limited possible side effect and regression risk. It's hard to reason about the potential risk and side effect of XMost/YMost which I default to high/unknown. We can land this patch as a direct fix for the APZ and uplift and consider the clamping as a general safety change we can apply (and backout if required) separately. What do you think?
|
|
Reporter | |
Comment 6•9 years ago
|
||
Sounds good to me.
|
|
Reporter | |
Updated•9 years ago
|
Attachment #8567934 -
Attachment is obsolete: true
Attachment #8567934 -
Flags: feedback?(bas)
|
|
Reporter | |
Updated•9 years ago
|
Assignee: bugmail.mozilla → bgirard
|
|
Assignee | |
Updated•9 years ago
|
Attachment #8568066 -
Flags: review?(bas)
Blocks: 1086162
|
||
Updated•9 years ago
|
Attachment #8568066 -
Flags: review?(bas) → review+
|
|
Assignee | |
Comment 7•9 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/8aaeff3424c0
|
||
Comment 8•9 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/8aaeff3424c0
Status: NEW → RESOLVED
Closed: 9 years ago
status-firefox39:
--- → fixed
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → mozilla39
|
|
Assignee | |
Updated•9 years ago
|
status-b2g-v2.1:
--- → affected
status-b2g-v2.1S:
--- → affected
status-b2g-v2.2:
--- → affected
status-b2g-master:
--- → affected
|
|
Assignee | |
Comment 9•9 years ago
|
||
Comment on attachment 8568066 [details] [diff] [review] alternative patch NOTE: Please see https://wiki.mozilla.org/Release_Management/B2G_Landing to better understand the B2G approval process and landings. [Approval Request Comment] Bug caused by (feature/regressing bug #): not a regression, but it exposes a flaw with bug 1134762 and bug 950934 together. User impact if declined: can't uplift bug 1134762 on branches where bug 950934 is landed/enabled. Testing completed: local testing, added a unit test (which we only run on desktop). Risk to taking this patch (and alternatives if risky): low risk, reordering '-' and min operation. String or UUID changes made by this patch: none I think we can get away with applying this on fewer branches, since this patch is only needed on branch that have root APZ enabled, but this is a low risk patch (reorders operation to reduce overflow bugs) so I'm suggesting we just uplift this everywhere we're going to take bug 1134762. This will reduce the changes of backouts.
Attachment #8568066 -
Flags: approval-mozilla-b2g37?
Attachment #8568066 -
Flags: approval-mozilla-b2g34?
|
|
Reporter | |
Updated•9 years ago
|
|
||
Comment 10•9 years ago
|
||
waiting for verifcation in https://bugzilla.mozilla.org/show_bug.cgi?id=1134762 that will done alone with the patch here.
Flags: needinfo?(npark)
|
||
Comment 11•9 years ago
|
||
See comment in https://bugzilla.mozilla.org/show_bug.cgi?id=1134762#c28
Flags: needinfo?(npark)
|
|
||
Updated•9 years ago
|
Attachment #8568066 -
Flags: approval-mozilla-b2g37?
Attachment #8568066 -
Flags: approval-mozilla-b2g37+
Attachment #8568066 -
Flags: approval-mozilla-b2g34?
Attachment #8568066 -
Flags: approval-mozilla-b2g34+
|
|
||
Comment 12•9 years ago
|
||
https://hg.mozilla.org/releases/mozilla-b2g37_v2_2/rev/f98926a278dd https://hg.mozilla.org/releases/mozilla-b2g34_v2_1/rev/88b24a189901
status-firefox37:
--- → wontfix
status-firefox38:
--- → wontfix
You need to log in
before you can comment on or make changes to this bug.
Description
•