Title: [140064] trunk/Source/WebCore
- Revision
- 140064
- Author
- rafa...@chromium.org
- Date
- 2013-01-17 16:06:54 -0800 (Thu, 17 Jan 2013)
Log Message
[Template] Avoid reading beyond the end of the buffer in preload scanner when check for </template>
https://bugs.webkit.org/show_bug.cgi?id=107143
Reviewed by Adam Barth.
This patch corrects to use AtomicString constructor which takes an explicit size. Additionally, the logic
for exiting early is slightly improved.
No new tests.
* html/parser/HTMLPreloadScanner.cpp:
(WebCore::PreloadTask::PreloadTask):
(WebCore::HTMLPreloadScanner::processToken):
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (140063 => 140064)
--- trunk/Source/WebCore/ChangeLog 2013-01-18 00:04:37 UTC (rev 140063)
+++ trunk/Source/WebCore/ChangeLog 2013-01-18 00:06:54 UTC (rev 140064)
@@ -1,3 +1,19 @@
+2013-01-17 Rafael Weinstein <rafa...@chromium.org>
+
+ [Template] Avoid reading beyond the end of the buffer in preload scanner when check for </template>
+ https://bugs.webkit.org/show_bug.cgi?id=107143
+
+ Reviewed by Adam Barth.
+
+ This patch corrects to use AtomicString constructor which takes an explicit size. Additionally, the logic
+ for exiting early is slightly improved.
+
+ No new tests.
+
+ * html/parser/HTMLPreloadScanner.cpp:
+ (WebCore::PreloadTask::PreloadTask):
+ (WebCore::HTMLPreloadScanner::processToken):
+
2013-01-17 Huang Dongsung <luxte...@company100.net>
[TexMap] Match initializing members in GraphicsLayerTransform to initializing members in GraphicsLayer.
Modified: trunk/Source/WebCore/html/parser/HTMLPreloadScanner.cpp (140063 => 140064)
--- trunk/Source/WebCore/html/parser/HTMLPreloadScanner.cpp 2013-01-18 00:04:37 UTC (rev 140063)
+++ trunk/Source/WebCore/html/parser/HTMLPreloadScanner.cpp 2013-01-18 00:06:54 UTC (rev 140064)
@@ -46,13 +46,13 @@
class PreloadTask {
public:
- explicit PreloadTask(const HTMLToken& token)
- : m_tagName(token.name().data(), token.name().size())
+ explicit PreloadTask(const AtomicString& tagName, const HTMLToken::AttributeList& attributes)
+ : m_tagName(tagName)
, m_linkIsStyleSheet(false)
, m_linkMediaAttributeIsScreen(true)
, m_inputIsImage(false)
{
- processAttributes(token.attributes());
+ processAttributes(attributes);
}
void processAttributes(const HTMLToken::AttributeList& attributes)
@@ -204,35 +204,32 @@
if (m_token.type() != HTMLTokenTypes::StartTag) {
#if ENABLE(TEMPLATE_ELEMENT)
- if (m_templateCount && m_token.type() == HTMLTokenTypes::EndTag && AtomicString(m_token.name().data()) == templateTag)
+ if (m_templateCount && m_token.type() == HTMLTokenTypes::EndTag && AtomicString(m_token.name().data(), m_token.name().size()) == templateTag)
m_templateCount--;
#endif
return;
}
- PreloadTask task(m_token);
- m_tokenizer->updateStateFor(task.tagName());
+ AtomicString tagName(m_token.name().data(), m_token.name().size());
#if ENABLE(TEMPLATE_ELEMENT)
- if (task.tagName() == templateTag)
+ if (tagName == templateTag)
m_templateCount++;
+
+ if (m_templateCount)
+ return;
#endif
+ PreloadTask task(tagName, m_token.attributes());
+ m_tokenizer->updateStateFor(task.tagName());
+
if (task.tagName() == styleTag)
m_inStyle = true;
if (task.tagName() == baseTag)
updatePredictedBaseElementURL(KURL(m_document->url(), task.baseElementHref()));
- bool preload = true;
-
-#if ENABLE(TEMPLATE_ELEMENT)
- if (m_templateCount)
- preload = false;
-#endif
-
- if (preload)
- task.preload(m_document, m_predictedBaseElementURL.isEmpty() ? m_document->baseURL() : m_predictedBaseElementURL);
+ task.preload(m_document, m_predictedBaseElementURL.isEmpty() ? m_document->baseURL() : m_predictedBaseElementURL);
}
void HTMLPreloadScanner::updatePredictedBaseElementURL(const KURL& baseElementURL)
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo/webkit-changes
