Skip to content
This repository has been archived by the owner on Apr 21, 2023. It is now read-only.

Commit

Permalink
Fix two off-by-one reads in the CSS parser.
Browse files Browse the repository at this point in the history
Fixes #1276

(Squash of 5ac1322, c936eaa, 6dfaf07, and 356a845)
  • Loading branch information
crowell authored and jeffkaufman committed Mar 7, 2016
1 parent 7cccc26 commit 0bc4ce7
Show file tree
Hide file tree
Showing 2 changed files with 19 additions and 6 deletions.
11 changes: 5 additions & 6 deletions third_party/css_parser/src/webutil/css/parser.cc
Expand Up @@ -29,14 +29,12 @@

#include "base/logging.h"
#include "base/macros.h"
#include "base/scoped_ptr.h"
#include "strings/strutil.h"
#include "third_party/utf/utf.h"
#include "util/gtl/stl_util.h"
#include "util/utf8/public/unicodetext.h"
#include "util/utf8/public/unilib.h"
#include "webutil/css/fallthrough_intended.h"
#include "webutil/css/string.h"
#include "webutil/css/fallthrough_intended.h" // Needed in open source
#include "webutil/css/string_util.h"
#include "webutil/css/util.h"
#include "webutil/css/value.h"
Expand Down Expand Up @@ -542,7 +540,7 @@ char32 Parser::ParseEscape() {
}
if (end_ - in_ >= 2 && memcmp(in_, "\r\n", 2) == 0)
in_ += 2;
else if (IsSpace(*in_))
else if (in_ < end_ && IsSpace(*in_))
in_++;
}

Expand Down Expand Up @@ -926,7 +924,6 @@ Value* Parser::ParseUrl() {
if (len && rune != Runeerror) {
s.push_back(rune);
in_ += len;
DCHECK(!Done());
} else {
ReportParsingError(kUtf8Error, "UTF8 parsing error in URL");
in_++;
Expand Down Expand Up @@ -2387,7 +2384,9 @@ MediaQuery* Parser::ParseMediaQuery() {
found_and = true;
}
} else {
if (ident.empty()) {
if (in_ >= end_) {
ReportParsingError(kMediaError, "Unexpected EOF");
} else if (ident.empty()) {
ReportParsingError(kMediaError, StringPrintf(
"Unexpected char in media query: %c", *in_));
} else {
Expand Down
14 changes: 14 additions & 0 deletions third_party/css_parser/src/webutil/css/parser_unittest.cc
Expand Up @@ -2696,4 +2696,18 @@ TEST_F(ParserTest, ParseAnyParens) {
EXPECT_STREQ(" 9 7)", p->in_);
}

TEST_F(ParserTest, BadPartialImport) {
const char kBadPartialImport[] = "@import url(R\xd5\x9b";
Parser parser(kBadPartialImport);
delete parser.ParseStylesheet();
EXPECT_NE(Parser::kNoError, parser.errors_seen_mask());
}

TEST_F(ParserTest, BadPartialImportEncoding) {
const char kBadPartialImportEncoding[] = "@import url(R\xd5";
Parser parser(kBadPartialImportEncoding);
delete parser.ParseStylesheet();
EXPECT_NE(Parser::kNoError, parser.errors_seen_mask());
}

} // namespace Css

0 comments on commit 0bc4ce7

Please sign in to comment.