Bug 335346

Summary: [testcase] khtml fails to handle very high value for z-index property
Product: [Applications] konqueror Reporter: Andrea Iacovitti <aiacovitti>
Component: khtml Assignee: Konqueror Developers <konq-bugs>
Status: RESOLVED FIXED    
Severity: normal CC: aacid, rdieter
Priority: NOR    
Version: 4.13.1   
Target Milestone: ---   
Platform: unspecified   
OS: Linux   
Latest Commit: Version Fixed In: 4.13.2
Attachments: testcase

Description Andrea Iacovitti 2014-05-25 21:54:32 UTC
Created attachment 86819: testcase

Some sites (like YouTube) use a very high value for the z-index CSS property, like 2147483647, 2147483646, 2147483645.
Khtml fails to handle these values correctly (see attached testcase).
Other browsers (like Firefox or Chromium) handle them correctly and clamp those values to the 32-bit integer range (-2147483648 .. 2147483647).
Comment 1 Andrea Iacovitti 2014-05-25 23:41:37 UTC
Git commit 6197b21be57967a6f4045cbc354c43ed83f7480c by Andrea Iacovitti.
Committed on 25/05/2014 at 22:26.
Pushed by aiacovitti into branch 'KDE/4.13'.

Support up to INT_MAX (2^31-1) for the absolute value of css <number> data type.

When converting parsed number from string to double do not use a float variable to store
the result as it does not have the necessary precision to represent exactly all the values
in the 32-bit integer range. Use a double instead.
FIXED-IN: 4.13.2

M  +2    -1    khtml/css/cssparser.cpp
M  +1    -1    khtml/css/parser.cpp
M  +1    -1    khtml/css/parser.h
M  +1    -1    khtml/css/parser.y

http://commits.kde.org/kdelibs/6197b21be57967a6f4045cbc354c43ed83f7480c
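
The precision loss described in the commit message above, as an added example that is not khtml code: the function names and the `strtod`-based conversion are assumptions, and the inputs are the three z-index values quoted in the report.

```cpp
#include <algorithm>
#include <climits>
#include <cstddef>
#include <cstdio>
#include <cstdlib>
#include <string>
#include <vector>

// Hypothetical helpers (not khtml functions). Clamp in double, where INT_MIN
// and INT_MAX are exactly representable, before narrowing to int.
static int clampToInt(double v) {
    const double lo = INT_MIN, hi = INT_MAX;
    return static_cast<int>(std::max(lo, std::min(v, hi)));
}

// Intermediate stored in a float: the 24-bit significand gives a spacing of
// 128 between representable values just below 2^31, so low bits are lost.
int zIndexViaFloat(const std::string &token) {
    float stored = static_cast<float>(std::strtod(token.c_str(), nullptr));
    return clampToInt(stored);
}

// Intermediate stored in a double: the 53-bit significand holds every 32-bit
// integer exactly.
int zIndexViaDouble(const std::string &token) {
    double stored = std::strtod(token.c_str(), nullptr);
    return clampToInt(stored);
}

// Number of distinct stacking levels that survive the conversion.
template <typename Convert>
std::size_t distinctLevels(const std::vector<std::string> &tokens, Convert convert) {
    std::vector<int> out;
    for (const auto &t : tokens) out.push_back(convert(t));
    std::sort(out.begin(), out.end());
    return static_cast<std::size_t>(std::unique(out.begin(), out.end()) - out.begin());
}

// Constructed sample input: the three z-index values quoted in the report.
static const std::vector<std::string> kReported = {
    "2147483647", "2147483646", "2147483645"};

int main() {
    for (const auto &t : kReported)
        std::printf("%s -> float path %d, double path %d\n", t.c_str(),
                    zIndexViaFloat(t), zIndexViaDouble(t));
    std::printf("distinct levels: float %zu, double %zu\n",
                distinctLevels(kReported, zIndexViaFloat),
                distinctLevels(kReported, zIndexViaDouble));
    return 0;
}
```

On the float path all three values collapse to the same stacking level, so the ordering the page author intended between the layers is lost; the double path keeps them distinct and only clamps values outside the 32-bit range.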
Comment 2 Rex Dieter 2014-06-07 22:37:45 UTC
This commit fails to build on arm platform where qreal (sometimes) != double, this line 2797 of cssparser.cpp in particular,

        yylval->val = qMin(QString((QChar *)t, length).toDouble(), dIntMax);

(where the former is double, the latter dIntMax is qreal)
Comment 3 Andrea Iacovitti 2014-06-08 01:17:04 UTC
Could you try this patch? Thanks.

--- a/khtml/css/cssparser.cpp
+++ b/khtml/css/cssparser.cpp
@@ -2709,7 +2709,7 @@ static inline int yyerror( const char *str ) {
     return 1;
 }
 
-static const qreal dIntMax = INT_MAX;
+static const double dIntMax = INT_MAX;
 #define END 0
 
 #include "parser.h"
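Review bot: the `dIntMax` declaration carries no comment explaining why its type has to be `double`, so a later cleanup could switch it back to `qreal` and reintroduce the ARM build failure reported in comment 2. Add a one-line comment above it stating that it must match the `double` returned by `toDouble()` in the `qMin` call, or write that call as `qMin<double>(...)` so the comparison type does not depend on how this constant is declared.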
Comment 4 Rex Dieter 2014-06-08 11:43:23 UTC
Yes, that works, now it's an explicit double vs double comparison, thanks.
Comment 5 Andrea Iacovitti 2014-06-08 13:43:23 UTC
Git commit 3214e20cb4a674fa479905176bb5703231521a39 by Andrea Iacovitti.
Committed on 08/06/2014 at 13:41.
Pushed by aiacovitti into branch 'KDE/4.13'.

Fix build on arm platform.

M  +1    -1    khtml/css/cssparser.cpp

http://commits.kde.org/kdelibs/3214e20cb4a674fa479905176bb5703231521a39
Comment 6 Rex Dieter 2014-06-09 12:57:19 UTC
Confirmed good in new kdelibs-4.13.2 tarball, closing.