-
msaboff@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=95706 Source/WebCore: Reviewed by Abhishek Arya. Pass the length of string literals to CSSParser static functions equal() and equalIgnoringCase() so that checks won't access out of bounds memory. Added test fast/css/crash-comparing-equal.html. * css/CSSParser.cpp: (WebCore::equal): Use template to retrieve the length of string literal. (WebCore::equalIgnoringCase): Ditto. (WebCore::CSSParser::parseDashboardRegions): Use const char[] instead of const char* LayoutTests: Added test from duplicate defect https://bugs.webkit.org/show_bug.cgi?id=95634. Reviewed by Abhishek Arya. * fast/css/crash-comparing-equal-expected.txt: Added. * fast/css/crash-comparing-equal.html: Added. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@127508 268f45cc-cd09-0410-ab3c-d52691b4dbfc
5f2e9dec