List: kde-commits
Subject: KDE/kdelibs/khtml/css
From: Germain Garand <germain () ebooksfrance ! org>
Date: 2009-04-01 23:57:27
Message-ID: 1238630247.781263.28205.nullmailer () svn ! kde ! org
SVN commit 948014 by ggarand:
.factor out some CSS parser code (initial patch from mccope@googlemail.com,
derived from code found in webcore)
.increase CSS buffer's security padding to 8 bytes to prevent buggy flex
from reading/writing past the end in some situations.
BUG: 167318
M +49 -64 cssparser.cpp
M +2 -1 cssparser.h
--- trunk/KDE/kdelibs/khtml/css/cssparser.cpp #948013:948014
@@ -144,15 +144,44 @@
return anyNamespace;
}
-void CSSParser::runParser(int length)
+void CSSParser::runParser()
{
+ CSSParser* old = currentParser;
+ currentParser = this;
+ cssyyparse(this);
+ currentParser = old;
+ boundLocalNames.clear();
+}
+
+void CSSParser::setupParser(const char *prefix, const DOMString &string, const char \
*suffix) +{
+ int preflen = strlen(prefix);
+ int sufflen = strlen(suffix);
+ int length = string.length() + preflen + sufflen + 8;
+
+ free(data);
+
+ data = (unsigned short *)malloc( length *sizeof( unsigned short ) );
+ for (unsigned i = 0; i < preflen; i++)
+ data[i] = prefix[i];
+
+ memcpy(data + preflen, string.unicode(), string.length()*sizeof( unsigned \
short)); +
+ unsigned start = preflen + string.length();
+ unsigned end = start + sufflen;
+ for (unsigned i = start; i < end; i++)
+ data[i] = suffix[i - start];
+
// the flex scanner sometimes give invalid reads for any
- // smaller padding - try e.g. css/invalid-rules-005.html
- data[length-1] = 0;
- data[length-2] = 0;
- data[length-3] = 0;
- data[length-4] = 0;
- data[length-5] = ' ';
+ // smaller padding - try e.g. css/invalid-rules-005.html or see #167318
+ data[length - 1] = 0;
+ data[length - 2] = 0;
+ data[length - 3] = 0;
+ data[length - 4] = 0;
+ data[length - 5] = 0;
+ data[length - 6] = 0;
+ data[length - 7] = 0;
+ data[length - 8] = 0;
yyTok = -1;
block_nesting = 0;
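Review bot: The length arithmetic at the top of setupParser mixes `int` and unsigned types: `preflen`, `sufflen` and `length` are `int` while the loop counters `i` are `unsigned`, so `i < preflen` is a signed/unsigned comparison and `length * sizeof(unsigned short)` would promote a negative value if a very large input ever overflowed `int`. Declaring them `const size_t preflen = strlen(prefix);`, `const size_t sufflen = strlen(suffix);` and `const size_t length = string.length() + preflen + sufflen + 8;` keeps the computation unsigned and consistent with the loops. The `malloc` result is still dereferenced without a null check, as in the code this replaces; since the eight trailing zeros are what keeps the flex scanner in bounds, a failed allocation here becomes an invalid write rather than a clean failure, so a check (or a project-standard assertion) at that point would be worth adding. The `free(data)` relies on `data` being null-initialised in the constructor, which is outside this diff. setupParser's body continues past the end of this hunk.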
@@ -160,28 +189,18 @@
yyleng = 0;
yytext = yy_c_buf_p = data;
yy_hold_char = *yy_c_buf_p;
-
- CSSParser *old = currentParser;
- currentParser = this;
- cssyyparse( this );
- currentParser = old;
- boundLocalNames.clear();
}
void CSSParser::parseSheet( CSSStyleSheetImpl *sheet, const DOMString &string )
{
styleElement = sheet;
- int length = string.length() + 5;
- if (data)
- free( data );
- data = (unsigned short *)malloc( length *sizeof( unsigned short ) );
- memcpy( data, string.unicode(), string.length()*sizeof( unsigned short) );
+ setupParser("", string, "");
#ifdef CSS_DEBUG
kDebug( 6080 ) << ">>>>>>> start parsing style sheet";
#endif
- runParser(length);
+ runParser();
#ifdef CSS_DEBUG
kDebug( 6080 ) << "<<<<<<< done parsing style sheet";
#endif
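Review bot: parseSheet now calls `setupParser("", string, "")`, so the sheet text is followed directly by the eight zero code units; the old runParser unconditionally wrote `data[length-5] = ' '`, a trailing space the other call sites still get through their `"} "` suffix but this one has lost. If the flex rules depend on whitespace to close a final token before the padding, tokenisation at the end of a sheet changes here; `setupParser("", string, " ");` would restore the previous layout. I cannot tell from the hunk whether the scanner treats the zero padding as a delimiter, so this should be confirmed against the lexer rules.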
@@ -193,19 +212,10 @@
CSSRuleImpl *CSSParser::parseRule( DOM::CSSStyleSheetImpl *sheet, const \
DOM::DOMString &string ) {
styleElement = sheet;
+
+ setupParser("@-khtml-rule{", string, "} ");
+ runParser();
- const char khtml_rule[] = "@-khtml-rule{";
- int length = string.length() + 6 + strlen(khtml_rule);
- assert( !data );
- data = (unsigned short *)malloc( length *sizeof( unsigned short ) );
- for ( unsigned int i = 0; i < strlen(khtml_rule); i++ )
- data[i] = khtml_rule[i];
- memcpy( data + strlen( khtml_rule ), string.unicode(), string.length()*sizeof( \
unsigned short) );
- // qDebug("parse string = '%s'", QString::fromRawData( (const QChar *)data, \
length ).toLatin1().constData() );
- data[length-6] = '}';
-
- runParser(length);
-
CSSRuleImpl *result = rule;
rule = 0;
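Review bot: The `assert( !data )` removed here, and likewise in the parseValue and parseDeclaration hunks below, was the only check that a previous parse had released its buffer; setupParser now frees whatever `data` holds, so a missed release turns into a silent reclaim instead of a debug-build failure. That is a reasonable trade, but it is worth recording so the next reader does not reintroduce the assertion or wonder why `free(data)` is unconditional; a comment on that line in setupParser such as `// release any buffer left by a previous parse (replaces the per-caller assert(!data))` would do. The blank `+` line added before the `setupParser` call is the only other change to this function's prologue.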
@@ -234,21 +244,13 @@
styleElement = declaration->stylesheet();
- const char khtml_value[] = "@-khtml-value{";
- int length = string.length() + 6 + strlen(khtml_value);
- assert( !data );
- data = (unsigned short *)malloc( length *sizeof( unsigned short ) );
- for ( unsigned int i = 0; i < strlen(khtml_value); i++ )
- data[i] = khtml_value[i];
- memcpy( data + strlen( khtml_value ), string.unicode(), string.length()*sizeof( \
unsigned short) );
- // qDebug("parse string = '%s'", QString::fromRawData( (const QChar *)data, \
length ).toLatin1().constData() );
- data[length-6] = '}';
+ setupParser("@-khtml-value{", string, "} ");
id = _id;
important = _important;
-
- runParser(length);
-
+
+ runParser();
+
delete rule;
rule = 0;
@@ -271,17 +273,9 @@
styleElement = declaration->stylesheet();
- const char khtml_decls[] = "@-khtml-decls{";
- int length = string.length() + 6 + strlen(khtml_decls);
- assert( !data );
- data = (unsigned short *)malloc( length *sizeof( unsigned short ) );
- for ( unsigned int i = 0; i < strlen(khtml_decls); i++ )
- data[i] = khtml_decls[i];
- memcpy( data + strlen( khtml_decls ), string.unicode(), string.length()*sizeof( \
unsigned short) );
- data[length-6] = '}';
+ setupParser("@-khtml-decls{", string, "} ");
+ runParser();
- runParser(length);
-
delete rule;
rule = 0;
@@ -304,18 +298,9 @@
mediaQuery = 0;
// can't use { because tokenizer state switches from mediaquery to initial state \
when it sees { token. // instead insert one " " (which is S in parser.y)
- const char khtml_queries[] = "@-khtml-mediaquery ";
- int length = string.length() + 6 + strlen(khtml_queries);
- if (data)
- free( data );
- data = (unsigned short *)malloc( length *sizeof( unsigned short ) );
- for ( unsigned int i = 0; i < strlen(khtml_queries); i++ )
- data[i] = khtml_queries[i];
- memcpy( data + strlen( khtml_queries ), string.unicode(), \
string.length()*sizeof( unsigned short) );
- data[length-6] = '}';
+ setupParser ("@-khtml-mediaquery ", string, "} ");
+ runParser();
- runParser(length);
-
bool ok = false;
if (mediaQuery) {
ok = true;
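Review bot: `setupParser ("@-khtml-mediaquery ", string, "} ");` puts a space before the argument list, unlike the four other call sites introduced by this commit, which write `setupParser(`; dropping it keeps the new calls uniform and greppable. The comment above about inserting a `" "` instead of `{` now describes the trailing space of the prefix literal rather than a separate write, so it may be worth rewording to `// the prefix ends in " " (S in parser.y) rather than { because ...` so the two stay in sync.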
--- trunk/KDE/kdelibs/khtml/css/cssparser.h #948013:948014
@@ -226,7 +226,8 @@
int lex();
private:
int yyparse();
- void runParser(int length);
+ void runParser();
+ void setupParser(const char *prefix, const DOMString &string, const char \
*suffix);
bool inShorthand() const { return m_inParseShorthand; }
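Review bot: The new private declaration of setupParser carries no comment describing the buffer contract it establishes, and the paired `runParser()` no longer takes a length, so a reader of the header cannot see that the two must be called in order or where the size now lives. A short comment above the declaration, `// Builds the scanner buffer as prefix + string + suffix followed by 8 zero code units (padding for flex, see #167318) and resets lexer state; must be followed by runParser().`, would capture both points. The declaration line appears wrapped by the mail archive, not by the patch.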