Changeset 176983 in webkit

Timestamp:

Dec 8, 2014 3:55:04 PM (9 years ago)

Author:

benjamin@webkit.org

Message:

Fix the parsing of advanced :lang() after r176902
​https://bugs.webkit.org/show_bug.cgi?id=139379

Reviewed by Andreas Kling.

Source/WebCore:

There were two mistakes that were only caught in debug:

The lexer was not calling isIdentifierStart() before parseIdentifier().
Some identifier we were parsing should have been invalid.
This was caught with an assertion in parseIdentifier().

The other issue is that we were accumulating pointer to freed memory.
The tokenizer for LANGRANGE was creating a new string with a StringBuilder.
The problem is that CSSParserString does not keep the source string alive.
Consequently, the list of language range was accumulating pointers to dead
StringImpls.

The fix there is to simply extend the token to take the original asterisk character
from the input. That is not elegant but that's efficient and we know
the buffer lifetime.

• css/CSSParser.cpp:

(WebCore::CSSParser::realLex):

• css/CSSGrammar.y.in: Fix the indentation of a language range rule.

LayoutTests:

Unskip and update the tests.

All the interesting cases were covered, I just had to update
the expectations.

• TestExpectations:
• fast/css/css-selector-text-expected.txt:
• fast/css/css-selector-text.html:
• fast/css/parsing-css-lang-expected.txt:
• fast/css/parsing-css-lang.html:

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/TestExpectations (modified) (1 diff)
• LayoutTests/fast/css/css-selector-text-expected.txt (modified) (6 diffs)
• LayoutTests/fast/css/css-selector-text.html (modified) (6 diffs)
• LayoutTests/fast/css/parsing-css-lang-expected.txt (modified) (2 diffs)
• LayoutTests/fast/css/parsing-css-lang.html (modified) (1 diff)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/css/CSSGrammar.y.in (modified) (1 diff)
• Source/WebCore/css/CSSParser.cpp (modified) (2 diffs)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2014-12-08  Benjamin Poulain  <benjamin@webkit.org>
+
+        Fix the parsing of advanced :lang() after r176902
+        https://bugs.webkit.org/show_bug.cgi?id=139379
+
+        Reviewed by Andreas Kling.
+
+        Unskip and update the tests.
+
+        All the interesting cases were covered, I just had to update
+        the expectations.
+
+        * TestExpectations:
+        * fast/css/css-selector-text-expected.txt:
+        * fast/css/css-selector-text.html:
+        * fast/css/parsing-css-lang-expected.txt:
+        * fast/css/parsing-css-lang.html:
+
 2014-12-08  Myles C. Maxfield  <mmaxfield@apple.com>
 

trunk/LayoutTests/TestExpectations

@@ -130 +130 @@
 webkit.org/b/135390 fast/css/fontloader-page-cache.html [ Skip ]
 webkit.org/b/135390 http/tests/webfont/fontloader-loading-attribute.html [ Skip ]
-
-# regression due to r176902:
-webkit.org/b/139014 [ Debug ] fast/css/parsing-css-lang.html [ Skip ]
-webkit.org/b/139014 [ Debug ] fast/css/css-selector-text.html [ Skip ]
 
 # Various failures from the W3C CSS Shapes test suite import

trunk/LayoutTests/fast/css/css-selector-text-expected.txt

@@ -48 +48 @@
 PASS parseThenSerializeRule(':visited { }') is ':visited { }'
 
-PASS parseThenSerializeRule(':lang(*-) { }') is ':lang(*-) { }'
-PASS parseThenSerializeRule(':lang(*--) { }') is ':lang(*--) { }'
-PASS parseThenSerializeRule(':lang(*---) { }') is ':lang(*---) { }'
-PASS parseThenSerializeRule(':lang(*----) { }') is ':lang(*----) { }'
-
 PASS parseThenSerializeRule(':lang(*-ab) { }') is ':lang(*-ab) { }'
 PASS parseThenSerializeRule(':lang(*-ab-) { }') is ':lang(*-ab-) { }'
-PASS parseThenSerializeRule(':lang(*-1996) { }') is ':lang(*-1996) { }'
 PASS parseThenSerializeRule(':lang(*-DE-1996) { }') is ':lang(*-DE-1996) { }'
 
@@ -325 +319 @@
 
 PASS parseThenSerializeRule(':lang(\\*    ) { }') is ':lang(*) { }'
-PASS parseThenSerializeRule(':lang(*-    ) { }') is ':lang(*-) { }'
 PASS parseThenSerializeRule(':lang(*-en    ) { }') is ':lang(*-en) { }'
 PASS parseThenSerializeRule(':lang(*-en-\\*    ) { }') is ':lang(*-en-*) { }'
@@ -360 +353 @@
 PASS parseThenSerializeRule(':lang(   \\*  ,  id-\\*-sumatra  ) { }') is ':lang(*, id-*-sumatra) { }'
 PASS parseThenSerializeRule(':lang(   \\*   ,    id-\\*-sumatra  ) { }') is ':lang(*, id-*-sumatra) { }'
-
-PASS parseThenSerializeRule(':lang(*-1996) { }') is ':lang(*-1996) { }'
-PASS parseThenSerializeRule(':lang(*-1996, *-1997) { }') is ':lang(*-1996, *-1997) { }'
-PASS parseThenSerializeRule(':lang(*-1996, *-1997 ) { }') is ':lang(*-1996, *-1997) { }'
-PASS parseThenSerializeRule(':lang(   *-1996   ,  *-1997   ) { }') is ':lang(*-1996, *-1997) { }'
-PASS parseThenSerializeRule(':lang(   *-1996   ,*-1997   ) { }') is ':lang(*-1996, *-1997) { }'
-PASS parseThenSerializeRule(':lang(   *-1996,*-1997   ) { }') is ':lang(*-1996, *-1997) { }'
 
 PASS parseThenSerializeRule(':lang(en-\\*) { }') is ':lang(en-*) { }'
@@ -397 +383 @@
 PASS parseThenSerializeRule(':lang([]) { }') threw exception TypeError: undefined is not an object (evaluating 'styleElement.sheet.cssRules[0].cssText').
 PASS parseThenSerializeRule(':lang(@media screen {}) { }') threw exception TypeError: undefined is not an object (evaluating 'styleElement.sheet.cssRules[0].cssText').
-PASS parseThenSerializeRule(':lang(*)') threw exception TypeError: undefined is not an object (evaluating 'styleElement.sheet.cssRules[0].cssText').
-PASS parseThenSerializeRule(':lang(**)') threw exception TypeError: undefined is not an object (evaluating 'styleElement.sheet.cssRules[0].cssText').
-PASS parseThenSerializeRule(':lang(-*-)') threw exception TypeError: undefined is not an object (evaluating 'styleElement.sheet.cssRules[0].cssText').
+PASS parseThenSerializeRule(':lang(*-) { }') threw exception TypeError: undefined is not an object (evaluating 'styleElement.sheet.cssRules[0].cssText').
+PASS parseThenSerializeRule(':lang(*-    ) { }') threw exception TypeError: undefined is not an object (evaluating 'styleElement.sheet.cssRules[0].cssText').
+PASS parseThenSerializeRule(':lang(*--) { }') threw exception TypeError: undefined is not an object (evaluating 'styleElement.sheet.cssRules[0].cssText').
+PASS parseThenSerializeRule(':lang(*---) { }') threw exception TypeError: undefined is not an object (evaluating 'styleElement.sheet.cssRules[0].cssText').
+PASS parseThenSerializeRule(':lang(*----) { }') threw exception TypeError: undefined is not an object (evaluating 'styleElement.sheet.cssRules[0].cssText').
+PASS parseThenSerializeRule(':lang(*)' { }) threw exception SyntaxError: Unexpected token '{'. Expected ')' to end a argument list..
+PASS parseThenSerializeRule(':lang(**) { }') threw exception TypeError: undefined is not an object (evaluating 'styleElement.sheet.cssRules[0].cssText').
+PASS parseThenSerializeRule(':lang(-*-) { }') threw exception TypeError: undefined is not an object (evaluating 'styleElement.sheet.cssRules[0].cssText').
 PASS parseThenSerializeRule(':lang(*-*) { }') threw exception TypeError: undefined is not an object (evaluating 'styleElement.sheet.cssRules[0].cssText').
 PASS parseThenSerializeRule(':lang(de-*)') threw exception TypeError: undefined is not an object (evaluating 'styleElement.sheet.cssRules[0].cssText').
@@ -406 +397 @@
 PASS parseThenSerializeRule(':lang(*-en-*fr) { }') threw exception TypeError: undefined is not an object (evaluating 'styleElement.sheet.cssRules[0].cssText').
 PASS parseThenSerializeRule(':lang(*-*en-fr) { }') threw exception TypeError: undefined is not an object (evaluating 'styleElement.sheet.cssRules[0].cssText').
-PASS parseThenSerializeRule(':lang(*-1997)') threw exception TypeError: undefined is not an object (evaluating 'styleElement.sheet.cssRules[0].cssText').
-PASS parseThenSerializeRule(':lang(*-1997-*)') threw exception TypeError: undefined is not an object (evaluating 'styleElement.sheet.cssRules[0].cssText').
+PASS parseThenSerializeRule(':lang(*-1997) { }') threw exception TypeError: undefined is not an object (evaluating 'styleElement.sheet.cssRules[0].cssText').
+PASS parseThenSerializeRule(':lang(*-1997-*) { }') threw exception TypeError: undefined is not an object (evaluating 'styleElement.sheet.cssRules[0].cssText').
 PASS parseThenSerializeRule(':lang(*a*) { }') threw exception TypeError: undefined is not an object (evaluating 'styleElement.sheet.cssRules[0].cssText').
 PASS parseThenSerializeRule(':lang(*a) { }') threw exception TypeError: undefined is not an object (evaluating 'styleElement.sheet.cssRules[0].cssText').
@@ -418 +409 @@
 PASS parseThenSerializeRule(':lang(*-a, br fr) { }') threw exception TypeError: undefined is not an object (evaluating 'styleElement.sheet.cssRules[0].cssText').
 PASS parseThenSerializeRule(':lang(*-a, br fr en *) { }') threw exception TypeError: undefined is not an object (evaluating 'styleElement.sheet.cssRules[0].cssText').
+PASS parseThenSerializeRule(':lang(*-1996, *-1997) { }') threw exception TypeError: undefined is not an object (evaluating 'styleElement.sheet.cssRules[0].cssText').
+PASS parseThenSerializeRule(':lang(*-1996, *-1997 ) { }') threw exception TypeError: undefined is not an object (evaluating 'styleElement.sheet.cssRules[0].cssText').
+PASS parseThenSerializeRule(':lang(   *-1996   ,  *-1997   ) { }') threw exception TypeError: undefined is not an object (evaluating 'styleElement.sheet.cssRules[0].cssText').
+PASS parseThenSerializeRule(':lang(   *-1996   ,*-1997   ) { }') threw exception TypeError: undefined is not an object (evaluating 'styleElement.sheet.cssRules[0].cssText').
+PASS parseThenSerializeRule(':lang(   *-1996,*-1997   ) { }') threw exception TypeError: undefined is not an object (evaluating 'styleElement.sheet.cssRules[0].cssText').
 
 PASS parseThenSerializeRule(':role(a) { }') is ':role(a) { }'

trunk/LayoutTests/fast/css/css-selector-text.html

@@ -81 +81 @@
 debug('');
 
-testSelectorRoundTrip(":lang(*-)");
-testSelectorRoundTrip(":lang(*--)");
-testSelectorRoundTrip(":lang(*---)");
-testSelectorRoundTrip(":lang(*----)");
-
-debug('');
-
 testSelectorRoundTrip(":lang(*-ab)");
 testSelectorRoundTrip(":lang(*-ab-)");
-testSelectorRoundTrip(":lang(*-1996)");
 testSelectorRoundTrip(":lang(*-DE-1996)");
 
@@ -418 +410 @@
 
 shouldBe("parseThenSerializeRule(':lang(\\\\*    ) { }')", "':lang(*) { }'");
-shouldBe("parseThenSerializeRule(':lang(*-    ) { }')", "':lang(*-) { }'");
 shouldBe("parseThenSerializeRule(':lang(*-en    ) { }')", "':lang(*-en) { }'");
 shouldBe("parseThenSerializeRule(':lang(*-en-\\\\*    ) { }')", "':lang(*-en-*) { }'");
@@ -459 +450 @@
 shouldBe("parseThenSerializeRule(':lang(   \\\\*  ,  id-\\\\*-sumatra  ) { }')", "':lang(*, id-*-sumatra) { }'");
 shouldBe("parseThenSerializeRule(':lang(   \\\\*   ,    id-\\\\*-sumatra  ) { }')", "':lang(*, id-*-sumatra) { }'");
-
-debug('');
-
-shouldBe("parseThenSerializeRule(':lang(*-1996) { }')", "':lang(*-1996) { }'");
-shouldBe("parseThenSerializeRule(':lang(*-1996, *-1997) { }')", "':lang(*-1996, *-1997) { }'");
-shouldBe("parseThenSerializeRule(':lang(*-1996, *-1997 ) { }')", "':lang(*-1996, *-1997) { }'");
-shouldBe("parseThenSerializeRule(':lang(   *-1996   ,  *-1997   ) { }')", "':lang(*-1996, *-1997) { }'");
-shouldBe("parseThenSerializeRule(':lang(   *-1996   ,*-1997   ) { }')", "':lang(*-1996, *-1997) { }'");
-shouldBe("parseThenSerializeRule(':lang(   *-1996,*-1997   ) { }')", "':lang(*-1996, *-1997) { }'");
 
 debug('');
@@ -503 +485 @@
 shouldThrow("parseThenSerializeRule(':lang(@media screen {}) { }')");
 
-shouldThrow("parseThenSerializeRule(':lang(*)')");
-shouldThrow("parseThenSerializeRule(':lang(**)')");
-shouldThrow("parseThenSerializeRule(':lang(-*-)')");
+shouldThrow("parseThenSerializeRule(':lang(*-) { }')");
+shouldThrow("parseThenSerializeRule(':lang(*-    ) { }')");
+shouldThrow("parseThenSerializeRule(':lang(*--) { }')");
+shouldThrow("parseThenSerializeRule(':lang(*---) { }')");
+shouldThrow("parseThenSerializeRule(':lang(*----) { }')");
+
+shouldThrow("parseThenSerializeRule(':lang(*)' { })");
+shouldThrow("parseThenSerializeRule(':lang(**) { }')");
+shouldThrow("parseThenSerializeRule(':lang(-*-) { }')");
 shouldThrow("parseThenSerializeRule(':lang(*-*) { }')");
 shouldThrow("parseThenSerializeRule(':lang(de-*)')");
@@ -512 +500 @@
 shouldThrow("parseThenSerializeRule(':lang(*-en-*fr) { }')");
 shouldThrow("parseThenSerializeRule(':lang(*-*en-fr) { }')");
-shouldThrow("parseThenSerializeRule(':lang(*-1997)')");
-shouldThrow("parseThenSerializeRule(':lang(*-1997-*)')");
+shouldThrow("parseThenSerializeRule(':lang(*-1997) { }')");
+shouldThrow("parseThenSerializeRule(':lang(*-1997-*) { }')");
 shouldThrow("parseThenSerializeRule(':lang(*a*) { }')");
 shouldThrow("parseThenSerializeRule(':lang(*a) { }')");
@@ -525 +513 @@
 shouldThrow("parseThenSerializeRule(':lang(*-a, br fr en *) { }')");
 
+shouldThrow("parseThenSerializeRule(':lang(*-1996, *-1997) { }')");
+shouldThrow("parseThenSerializeRule(':lang(*-1996, *-1997 ) { }')");
+shouldThrow("parseThenSerializeRule(':lang(   *-1996   ,  *-1997   ) { }')");
+shouldThrow("parseThenSerializeRule(':lang(   *-1996   ,*-1997   ) { }')");
+shouldThrow("parseThenSerializeRule(':lang(   *-1996,*-1997   ) { }')");
+
 debug('');
 

trunk/LayoutTests/fast/css/parsing-css-lang-expected.txt

@@ -125 +125 @@
 PASS document.getElementById('style-container').sheet.cssRules.length is 1
 PASS document.getElementById('style-container').sheet.cssRules[0].selectorText is ":lang(rm-CH)"
-PASS document.querySelector(":lang(*-)") did not throw exception.
-PASS document.getElementById('style-container').sheet.cssRules.length is 1
-PASS document.getElementById('style-container').sheet.cssRules[0].selectorText is ":lang(*-)"
-PASS document.querySelector(":lang(*-    )") did not throw exception.
-PASS document.getElementById('style-container').sheet.cssRules.length is 1
-PASS document.getElementById('style-container').sheet.cssRules[0].selectorText is ":lang(*-)"
-PASS document.querySelector(":lang(*--)") did not throw exception.
-PASS document.getElementById('style-container').sheet.cssRules.length is 1
-PASS document.getElementById('style-container').sheet.cssRules[0].selectorText is ":lang(*--)"
-PASS document.querySelector(":lang(*--    )") did not throw exception.
-PASS document.getElementById('style-container').sheet.cssRules.length is 1
-PASS document.getElementById('style-container').sheet.cssRules[0].selectorText is ":lang(*--)"
-PASS document.querySelector(":lang(*---)") did not throw exception.
-PASS document.getElementById('style-container').sheet.cssRules.length is 1
-PASS document.getElementById('style-container').sheet.cssRules[0].selectorText is ":lang(*---)"
-PASS document.querySelector(":lang(*---    )") did not throw exception.
-PASS document.getElementById('style-container').sheet.cssRules.length is 1
-PASS document.getElementById('style-container').sheet.cssRules[0].selectorText is ":lang(*---)"
-PASS document.querySelector(":lang(*----)") did not throw exception.
-PASS document.getElementById('style-container').sheet.cssRules.length is 1
-PASS document.getElementById('style-container').sheet.cssRules[0].selectorText is ":lang(*----)"
-PASS document.querySelector(":lang(*----    )") did not throw exception.
-PASS document.getElementById('style-container').sheet.cssRules.length is 1
-PASS document.getElementById('style-container').sheet.cssRules[0].selectorText is ":lang(*----)"
 PASS document.querySelector(":lang(*-CH)") did not throw exception.
 PASS document.getElementById('style-container').sheet.cssRules.length is 1
@@ -161 +137 @@
 PASS document.getElementById('style-container').sheet.cssRules.length is 1
 PASS document.getElementById('style-container').sheet.cssRules[0].selectorText is ":lang(*-DE-1996)"
-PASS document.querySelector(":lang(*-1996)") did not throw exception.
-PASS document.getElementById('style-container').sheet.cssRules.length is 1
-PASS document.getElementById('style-container').sheet.cssRules[0].selectorText is ":lang(*-1996)"
-PASS document.querySelector(":lang(*-1996    )") did not throw exception.
-PASS document.getElementById('style-container').sheet.cssRules.length is 1
-PASS document.getElementById('style-container').sheet.cssRules[0].selectorText is ":lang(*-1996)"
 PASS document.querySelector(":lang(*-br-zh)") did not throw exception.
 PASS document.getElementById('style-container').sheet.cssRules.length is 1

trunk/LayoutTests/fast/css/parsing-css-lang.html

@@ -47 +47 @@
     "rm-CH",
 
-    "*-",
-    "*--",
-    "*---",
-    "*----",
-
     "*-CH",
     "*-DE-1996",
-    "*-1996",
     "*-br-zh",
     "id-\\*-sumatra",

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2014-12-08  Benjamin Poulain  <benjamin@webkit.org>
+
+        Fix the parsing of advanced :lang() after r176902
+        https://bugs.webkit.org/show_bug.cgi?id=139379
+
+        Reviewed by Andreas Kling.
+
+        There were two mistakes that were only caught in debug:
+
+        The lexer was not calling isIdentifierStart() before parseIdentifier().
+        Some identifier we were parsing should have been invalid.
+        This was caught with an assertion in parseIdentifier().
+
+        The other issue is that we were accumulating pointer to freed memory.
+        The tokenizer for LANGRANGE was creating a new string with a StringBuilder.
+        The problem is that CSSParserString does not keep the source string alive.
+        Consequently, the list of language range was accumulating pointers to dead
+        StringImpls.
+
+        The fix there is to simply extend the token to take the original asterisk character
+        from the input. That is not elegant but that's efficient and we know
+        the buffer lifetime.
+
+        * css/CSSParser.cpp:
+        (WebCore::CSSParser::realLex):
+        * css/CSSGrammar.y.in: Fix the indentation of a language range rule.
+
 2014-12-08  Anders Carlsson  <andersca@apple.com>
 

trunk/Source/WebCore/css/CSSGrammar.y.in

@@ -1396 +1396 @@
         $$ = nullptr;
         if ($4) {
-          auto selector = std::make_unique<CSSParserSelector>();
-          selector->setMatch(CSSSelector::PseudoClass);
-          selector->setArgumentList(*std::unique_ptr<Vector<CSSParserString>>($4));
-          selector->setPseudoClassValue($2);
-          if (selector->pseudoClassType() == CSSSelector::PseudoClassLang)
-              $$ = selector.release();
+            auto selector = std::make_unique<CSSParserSelector>();
+            selector->setMatch(CSSSelector::PseudoClass);
+            selector->setArgumentList(*std::unique_ptr<Vector<CSSParserString>>($4));
+            selector->setPseudoClassValue($2);
+            if (selector->pseudoClassType() == CSSSelector::PseudoClassLang)
+                $$ = selector.release();
         }
     }

trunk/Source/WebCore/css/CSSParser.cpp

@@ -11488 +11488 @@
             m_token = CONTAINS;
 #if ENABLE(CSS_SELECTORS_LEVEL4)
-        } else if (*currentCharacter<SrcCharacterType>() == '-') {
+        } else if (*currentCharacter<SrcCharacterType>() == '-' && isIdentifierStart<SrcCharacterType>()) {
             result = currentCharacter<SrcCharacterType>();
 
@@ -11494 +11494 @@
             parseIdentifier(result, parsedIdentifier, hasEscape);
 
-            StringBuilder parsedLangRange;
-            parsedLangRange.append('*');
-            parsedLangRange.append(parsedIdentifier);
-
-            m_token = LANGRANGE;
-            yylval->string.init(parsedLangRange.toString());
+            if (parsedIdentifier.length()) {
+                m_token = LANGRANGE;
+                yylval->string.init(tokenStart<SrcCharacterType>(), parsedIdentifier.length() + 1);
+            }
 #endif
         }