    WebCore: · 2d15955c
    bdakin@apple.com authored
    2008-03-25  Beth Dakin  <bdakin@apple.com>
    
            Reviewed by Oliver.
    
            Fix for <rdar://problem/5811826> CSSValueList::item() does not 
            range-check index
    
            Check bounds before accessing the item to avoid a crash. 
            itemWithoutBoundsCheck() is still inlined and not bounds-checked to 
            avoid slowing down our internal callers of item().
            * css/CSSValueList.cpp:
            (WebCore::CSSValueList::item):
            * css/CSSValueList.h:
            (WebCore::CSSValueList::itemWithoutBoundsCheck):
    
            Call itemWithoutBoundsCheck() to avoid slowing down these internal 
            callers.
            * css/CSSFontSelector.cpp:
            (WebCore::CSSFontSelector::addFontFaceRule):
            * css/CSSMutableStyleDeclaration.cpp:
            (WebCore::CSSMutableStyleDeclaration::getLayeredShorthandValue):
            * css/CSSStyleSelector.cpp:
            (WebCore::applyCounterList):
            (WebCore::CSSStyleSelector::applyProperty):
            * css/MediaQueryEvaluator.cpp:
            (WebCore::parseAspectRatio):
            * svg/SVGFontFaceElement.cpp:
            (WebCore::SVGFontFaceElement::rebuildFontFace):
            * svg/graphics/SVGPaintServer.cpp:
            (WebCore::dashArrayFromRenderingStyle):
    
    LayoutTests:
    
    2008-03-25  Beth Dakin  <bdakin@apple.com>
    
            Reviewed by Oliver.
    
            Test for <rdar://problem/5811826> CSSValueList::item() does not 
            range-check index
    
            * fast/css/resources/bikes.bmp: Added.
            * fast/css/value-list-out-of-bounds-crash.html: Added.
            * platform/mac/fast/css/value-list-out-of-bounds-crash-expected.checksum: Added.
            * platform/mac/fast/css/value-list-out-of-bounds-crash-expected.png: Added.
            * platform/mac/fast/css/value-list-out-of-bounds-crash-expected.txt: Added.
    
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@31309 268f45cc-cd09-0410-ab3c-d52691b4dbfc
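
The split this commit message describes (a range-checked `item()` plus an inlined, unchecked `itemWithoutBoundsCheck()` for callers that already bound the index) can be sketched as follows. This is an added example, not WebKit's code: `ValueList`, `Value`, `joinAll` and `textAt` are hypothetical stand-ins, and returning null for an out-of-range index is an assumption.

```cpp
// Added illustration; ValueList, Value, joinAll and textAt are hypothetical
// stand-ins and are not taken from WebCore's CSSValueList.
#include <cassert>
#include <cstddef>
#include <memory>
#include <string>
#include <utility>
#include <vector>

struct Value { std::string text; };

class ValueList {
public:
    void append(std::string t) { m_values.push_back(std::make_unique<Value>(Value{std::move(t)})); }
    std::size_t length() const { return m_values.size(); }

    // Checked accessor: the caller has not validated index, so compare it
    // against the size first. Null on out-of-range is an assumption here.
    Value* item(std::size_t index) const
    {
        if (index >= m_values.size())
            return nullptr;
        return m_values[index].get();
    }

    // Unchecked fast path: only for callers that already proved index < length().
    Value* itemWithoutBoundsCheck(std::size_t index) const
    {
        assert(index < m_values.size()); // compiled out when NDEBUG is defined
        return m_values[index].get();
    }

private:
    std::vector<std::unique_ptr<Value>> m_values;
};

// Internal-style caller: the loop condition is the bounds proof.
std::string joinAll(const ValueList& list)
{
    std::string out;
    for (std::size_t i = 0; i < list.length(); ++i) {
        if (i)
            out += ' ';
        out += list.itemWithoutBoundsCheck(i)->text;
    }
    return out;
}

// Caller with an unvalidated index: uses item() and must handle null.
std::string textAt(const ValueList& list, std::size_t index)
{
    Value* v = list.item(index);
    return v ? v->text : std::string("(null)");
}
```

The unchecked accessor is safe only while every call site keeps its own bound, so any new caller that cannot show `index < length()` belongs on `item()`.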