Changeset 138141 in webkit

Timestamp:

Dec 19, 2012 3:56:08 AM (11 years ago)

Author:

reni@webkit.org

Message:

CSSParser crases, when no context is available, and the value is a valid keyword
​https://bugs.webkit.org/show_bug.cgi?id=105275

Reviewed by Tony Chang.

ParserContext could be null even if the keyword is valid. We have to check it.

Source/WebCore:

Test: fast/css/invalid-parsercontext-valid-keyword-crash.svg

• css/CSSParser.cpp:

(WebCore::CSSParser::parseValue):

LayoutTests:

• fast/css/invalid-parsercontext-valid-keyword-crash-expected.txt: Added.
• fast/css/invalid-parsercontext-valid-keyword-crash.svg: Added.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/fast/css/invalid-parsercontext-valid-keyword-crash-expected.txt (added)
• LayoutTests/fast/css/invalid-parsercontext-valid-keyword-crash.svg (added)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/css/CSSParser.cpp (modified) (2 diffs)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2012-12-19  Renata Hodovan  <reni@webkit.org>
+
+        CSSParser crases, when no context is available, and the value is a valid keyword
+        https://bugs.webkit.org/show_bug.cgi?id=105275
+
+        Reviewed by Tony Chang.
+
+        ParserContext could be null even if the keyword is valid. We have to check it.
+
+        * fast/css/invalid-parsercontext-valid-keyword-crash-expected.txt: Added.
+        * fast/css/invalid-parsercontext-valid-keyword-crash.svg: Added.
+
 2012-12-19  Dominik Röttsches  <dominik.rottsches@intel.com>
 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2012-12-19  Renata Hodovan  <reni@webkit.org>
+
+        CSSParser crases, when no context is available, and the value is a valid keyword
+        https://bugs.webkit.org/show_bug.cgi?id=105275
+
+        Reviewed by Tony Chang.
+
+        ParserContext could be null even if the keyword is valid. We have to check it.
+
+        Test: fast/css/invalid-parsercontext-valid-keyword-crash.svg
+
+        * css/CSSParser.cpp:
+        (WebCore::CSSParser::parseValue):
+
 2012-12-19  Kondapally Kalyan  <kalyan.kondapally@intel.com>
 

trunk/Source/WebCore/css/CSSParser.cpp

@@ -1230 +1230 @@
     if (parseColorValue(declaration, propertyID, string, important, cssParserMode))
         return true;
-    if (parseKeywordValue(declaration, propertyID, string, important, contextStyleSheet->parserContext()))
-        return true;
-    if (parseTranslateTransformValue(declaration, propertyID, string, important))
-        return true;
 
     CSSParserContext context(cssParserMode);
@@ -1240 +1236 @@
         context.mode = cssParserMode;
     }
+
+    if (parseKeywordValue(declaration, propertyID, string, important, context))
+        return true;
+    if (parseTranslateTransformValue(declaration, propertyID, string, important))
+        return true;
+
     CSSParser parser(context);
     return parser.parseValue(declaration, propertyID, string, important, contextStyleSheet);