Title: [87083] trunk
Revision: 87083
Author: [email protected]
Date: 2011-05-23 11:27:13 -0700 (Mon, 23 May 2011)

Log Message

2011-05-23  Abhishek Arya  <[email protected]>

        Reviewed by Simon Fraser.

        Tests that we do not crash when parsing css color for integer or
        percentage values.
        https://bugs.webkit.org/show_bug.cgi?id=61293

        * fast/css/parse-color-int-or-percent-crash-expected.txt: Added.
        * fast/css/parse-color-int-or-percent-crash.html: Added.

2011-05-23  Abhishek Arya  <[email protected]>

        Reviewed by Simon Fraser.

        Terminate css color parsing on integers which are not followed
        by a terminator.
        https://bugs.webkit.org/show_bug.cgi?id=61293

        Test: fast/css/parse-color-int-or-percent-crash.html

        * css/CSSParser.cpp:
        (WebCore::parseColorIntOrPercentage):

Diff

Modified: trunk/LayoutTests/ChangeLog (87082 => 87083)


--- trunk/LayoutTests/ChangeLog	2011-05-23 18:07:41 UTC (rev 87082)
+++ trunk/LayoutTests/ChangeLog	2011-05-23 18:27:13 UTC (rev 87083)
@@ -1,3 +1,14 @@
+2011-05-23  Abhishek Arya  <[email protected]>
+
+        Reviewed by Simon Fraser.
+
+        Tests that we do not crash when parsing css color for integer or
+        percentage values.
+        https://bugs.webkit.org/show_bug.cgi?id=61293
+
+        * fast/css/parse-color-int-or-percent-crash-expected.txt: Added.
+        * fast/css/parse-color-int-or-percent-crash.html: Added.
+
 2011-05-20  Ryosuke Niwa  <[email protected]>
 
         Reviewed by Enrica Casucci.

Added: trunk/LayoutTests/fast/css/parse-color-int-or-percent-crash-expected.txt (0 => 87083)


--- trunk/LayoutTests/fast/css/parse-color-int-or-percent-crash-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/fast/css/parse-color-int-or-percent-crash-expected.txt	2011-05-23 18:27:13 UTC (rev 87083)
@@ -0,0 +1 @@
+PASS

Added: trunk/LayoutTests/fast/css/parse-color-int-or-percent-crash.html (0 => 87083)


--- trunk/LayoutTests/fast/css/parse-color-int-or-percent-crash.html	                        (rev 0)
+++ trunk/LayoutTests/fast/css/parse-color-int-or-percent-crash.html	2011-05-23 18:27:13 UTC (rev 87083)
@@ -0,0 +1,21 @@
+<html>
+    <body>
+        <script>    
+            if (window.layoutTestController)
+                layoutTestController.dumpAsText();
+
+            var stopElement = document.createElementNS("http://www.w3.org/2000/svg", "stop");
+            stopElement.style.stopColor = "blue";
+
+            var colorString = "rgb(00000000000000000000";
+            var e;
+            try {
+                stopElement.style.getPropertyCSSValue("stop-color").setRGBColor(colorString);
+            } catch (err) {
+                e = err;
+            }
+            
+            document.body.innerHTML = (e && e.SVG_INVALID_VALUE_ERR == 1) ? "PASS" : "FAIL";
+        </script>
+    </body>
+</html>
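Review bot: The pass condition on the `document.body.innerHTML` line, `e && e.SVG_INVALID_VALUE_ERR == 1`, compares a constant carried by the exception object with 1 rather than checking which error was thrown, so it holds for any exception object that exposes that constant. Comparing `e.code` with `e.SVG_INVALID_VALUE_ERR` would tie PASS to the invalid-value rejection itself. The test also exercises a single input, `"rgb(00000000000000000000"`, an integer that runs to the end of the string; the ChangeLog describes integer or percentage values, so a percentage case would bring the test in line with its description.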

Modified: trunk/Source/WebCore/ChangeLog (87082 => 87083)


--- trunk/Source/WebCore/ChangeLog	2011-05-23 18:07:41 UTC (rev 87082)
+++ trunk/Source/WebCore/ChangeLog	2011-05-23 18:27:13 UTC (rev 87083)
@@ -1,3 +1,16 @@
+2011-05-23  Abhishek Arya  <[email protected]>
+
+        Reviewed by Simon Fraser.
+
+        Terminate css color parsing on integers which are not followed
+        by a terminator.
+        https://bugs.webkit.org/show_bug.cgi?id=61293
+
+        Test: fast/css/parse-color-int-or-percent-crash.html
+
+        * css/CSSParser.cpp:
+        (WebCore::parseColorIntOrPercentage):
+
 2011-05-20  Ryosuke Niwa  <[email protected]>
 
         Reviewed by Enrica Casucci.
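Review bot: The `(WebCore::parseColorIntOrPercentage):` line is left without a description, and the summary ("Terminate css color parsing on integers which are not followed by a terminator") does not say what went wrong before the change. A short phrase after the colon, for example that the function now returns false when the input ends right after the digits, would let a reader of the ChangeLog see the fix without opening the diff.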

Modified: trunk/Source/WebCore/css/CSSParser.cpp (87082 => 87083)


--- trunk/Source/WebCore/css/CSSParser.cpp	2011-05-23 18:07:41 UTC (rev 87082)
+++ trunk/Source/WebCore/css/CSSParser.cpp	2011-05-23 18:27:13 UTC (rev 87083)
@@ -4159,6 +4159,9 @@
         localValue = newValue;
     }
 
+    if (current == end)
+        return false;
+
     if (expect == CSSPrimitiveValue::CSS_NUMBER && (*current == '.' || *current == '%'))
         return false;
 
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
