nephele/haikuwebkit - haikuwebkit - GryphNode

nephele

/

haikuwebkit

2 lines

183 B

Plaintext

Raw Permalink Normal View History

ASSERTION FAILED: name[0] == '@' && length >= 2 in WebCore::CSSParser::detectAtToken https://bugs.webkit.org/show_bug.cgi?id=134632 Source/WebCore: At-rules must consist of at least two characters: the '@' symbol followed by an identifier name. The failure of this condition makes the assertion fail. The length of an at-rule is currently calculated by pointer arithmetic on the 'result' pointer, which is expected to be set to the end of the at-rule identifier by the WebCore::*CSSTokenizer::parseIdentifier method. If the at-rule token is a sequence of 8-bit-only characters then 'result' will point correctly at the end of the identifier. However, if the at-rule contains a 16-bit Unicode escape then 'result' will not be updated correctly anymore, hence it cannot be used for length calculation. The patch makes the parseIdentifier bump the result pointer even in the 16-bit slow case. Patch by Renata Hodovan, backported from Chromium: https://codereview.chromium.org/241053002 Patch by Martin Hodovan <mhodovan.u-szeged@partner.samsung.com> on 2014-08-05 Reviewed by Darin Adler. Test: fast/css/atrule-with-escape-character-crash.html * css/CSSParser.cpp: (WebCore::CSSParser::realLex): LayoutTests: Added test demonstrates that at-rules containing 16-bit Unicode characters can be handled properly. Patch by Martin Hodovan <mhodovan.u-szeged@partner.samsung.com> on 2014-08-05 Reviewed by Darin Adler. * fast/css/atrule-with-escape-character-crash-expected.txt: Added. * fast/css/atrule-with-escape-character-crash.html: Added. Canonical link: https://commits.webkit.org/153472@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172036 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2014-08-05 18:14:31 +00:00

Test for crash when the identifier of an at-rule contains unicode escapes. The test passes if it does not cause an assertion failure. [https://bugs.webkit.org/show_bug.cgi?id=134632]