Title: [121311] trunk
- Revision
- 121311
- Author
- [email protected]
- Date
- 2012-06-26 18:57:13 -0700 (Tue, 26 Jun 2012)
Log Message
Be careful not to read past the end of input in CSSParser::lex() when looking for variable definitions.
https://bugs.webkit.org/show_bug.cgi?id=89949
Reviewed by Abhishek Arya.
Added repro case as fast/css/short-inline-style.html.
* css/CSSParser.cpp:
(WebCore::CSSParser::lex):
Modified Paths
Added Paths
Diff
Added: trunk/LayoutTests/fast/css/short-inline-style-expected.txt (0 => 121311)
--- trunk/LayoutTests/fast/css/short-inline-style-expected.txt (rev 0)
+++ trunk/LayoutTests/fast/css/short-inline-style-expected.txt 2012-06-27 01:57:13 UTC (rev 121311)
@@ -0,0 +1 @@
+Test successful if it does not crash.
Added: trunk/LayoutTests/fast/css/short-inline-style.html (0 => 121311)
--- trunk/LayoutTests/fast/css/short-inline-style.html (rev 0)
+++ trunk/LayoutTests/fast/css/short-inline-style.html 2012-06-27 01:57:13 UTC (rev 121311)
@@ -0,0 +1,5 @@
+<script>
+ if (window.testRunner)
+ testRunner.dumpAsText();
+</script>
+<a style="top:-1px;">Test successful if it does not crash.</a>
Modified: trunk/Source/WebCore/ChangeLog (121310 => 121311)
--- trunk/Source/WebCore/ChangeLog 2012-06-27 01:49:20 UTC (rev 121310)
+++ trunk/Source/WebCore/ChangeLog 2012-06-27 01:57:13 UTC (rev 121311)
@@ -1,3 +1,15 @@
+2012-06-26 Luke Macpherson <[email protected]>
+
+ Be careful not to read past the end of input in CSSParser::lex() when looking for variable definitions.
+ https://bugs.webkit.org/show_bug.cgi?id=89949
+
+ Reviewed by Abhishek Arya.
+
+ Added repro case as fast/css/short-inline-style.html.
+
+ * css/CSSParser.cpp:
+ (WebCore::CSSParser::lex):
+
2012-06-26 James Robinson <[email protected]>
[chromium] Remove WebView::graphicsContext3D getter
Modified: trunk/Source/WebCore/css/CSSParser.cpp (121310 => 121311)
--- trunk/Source/WebCore/css/CSSParser.cpp 2012-06-27 01:49:20 UTC (rev 121310)
+++ trunk/Source/WebCore/css/CSSParser.cpp 2012-06-27 01:57:13 UTC (rev 121311)
@@ -8972,7 +8972,7 @@
case CharacterDash:
#if ENABLE(CSS_VARIABLES)
- if (cssVariablesEnabled() && m_currentCharacter[10] == '-' && isEqualToCSSIdentifier(m_currentCharacter, "webkit-var") && isIdentifierStartAfterDash(m_currentCharacter + 11)) {
+ if (cssVariablesEnabled() && isEqualToCSSIdentifier(m_currentCharacter, "webkit-var") && m_currentCharacter[10] == '-' && isIdentifierStartAfterDash(m_currentCharacter + 11)) {
// handle variable declarations
m_currentCharacter += 11;
parseIdentifier(result, hasEscape);
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
