Commit 7c41f9e0 authored by bfulgham@webkit.org's avatar bfulgham@webkit.org

2009-06-19 Chris Evans <scarybeasts@gmail.com>

        Reviewed by Eric Seidel.

        There is no new test because this cannot be tested deterministically.
        I've not been able to cause a crash at all in the test framework, but
        I have verified that this is happening in the wild and that the patch
        fixes the likely cause in the debugger.

        * loader/TextResourceDecoder.cpp: careful not to iterate off the end
          of our input buffer looking for the end of the comment.


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@44865 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 31843bb5
2009-06-19 Chris Evans <scarybeasts@gmail.com>
Reviewed by Eric Seidel.
There is no new test because this cannot be tested deterministically.
I've not been able to cause a crash at all in the test framework, but
I have verified that this is happening in the wild and that the patch
fixes the likely cause in the debugger.
* loader/TextResourceDecoder.cpp: careful not to iterate off the end
of our input buffer looking for the end of the comment.
2009-06-19 Adam Barth <abarth@webkit.org>
Reviewed by Dimitri Glazkov.
......
......@@ -509,11 +509,13 @@ bool TextResourceDecoder::checkForCSSCharset(const char* data, size_t len, bool&
static inline void skipComment(const char*& ptr, const char* pEnd)
{
const char* p = ptr;
if (p == pEnd)
return;
// Allow <!-->; other browsers do.
if (*p == '>') {
p++;
} else {
while (p != pEnd) {
while (p + 2 < pEnd) {
if (*p == '-') {
// This is the real end of comment, "-->".
if (p[1] == '-' && p[2] == '>') {
......@@ -521,7 +523,7 @@ static inline void skipComment(const char*& ptr, const char* pEnd)
break;
}
// This is the incorrect end of comment that other browsers allow, "--!>".
if (p[1] == '-' && p[2] == '!' && p[3] == '>') {
if (p + 3 < pEnd && p[1] == '-' && p[2] == '!' && p[3] == '>') {
p += 4;
break;
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment