Permalink
Browse files

Fix two off-by-one reads in the CSS parser.

Fixes #1276

(Squash of 5ac1322, c936eaa, 6dfaf07, and 356a845)
  • Loading branch information...
crowell authored and jeffkaufman committed Mar 2, 2016
1 parent 7cccc26 commit 0bc4ce7c8bd7b6ef963d9e962ddeac5b5787622c
@@ -29,14 +29,12 @@

#include "base/logging.h"
#include "base/macros.h"
#include "base/scoped_ptr.h"
#include "strings/strutil.h"
#include "third_party/utf/utf.h"
#include "util/gtl/stl_util.h"
#include "util/utf8/public/unicodetext.h"
#include "util/utf8/public/unilib.h"
#include "webutil/css/fallthrough_intended.h"
#include "webutil/css/string.h"
#include "webutil/css/fallthrough_intended.h" // Needed in open source
#include "webutil/css/string_util.h"
#include "webutil/css/util.h"
#include "webutil/css/value.h"
@@ -542,7 +540,7 @@ char32 Parser::ParseEscape() {
}
if (end_ - in_ >= 2 && memcmp(in_, "\r\n", 2) == 0)
in_ += 2;
else if (IsSpace(*in_))
else if (in_ < end_ && IsSpace(*in_))
in_++;
}

@@ -926,7 +924,6 @@ Value* Parser::ParseUrl() {
if (len && rune != Runeerror) {
s.push_back(rune);
in_ += len;
DCHECK(!Done());
} else {
ReportParsingError(kUtf8Error, "UTF8 parsing error in URL");
in_++;
@@ -2387,7 +2384,9 @@ MediaQuery* Parser::ParseMediaQuery() {
found_and = true;
}
} else {
if (ident.empty()) {
if (in_ >= end_) {
ReportParsingError(kMediaError, "Unexpected EOF");
} else if (ident.empty()) {
ReportParsingError(kMediaError, StringPrintf(
"Unexpected char in media query: %c", *in_));
} else {
@@ -2696,4 +2696,18 @@ TEST_F(ParserTest, ParseAnyParens) {
EXPECT_STREQ(" 9 7)", p->in_);
}

TEST_F(ParserTest, BadPartialImport) {
const char kBadPartialImport[] = "@import url(R\xd5\x9b";
Parser parser(kBadPartialImport);
delete parser.ParseStylesheet();
EXPECT_NE(Parser::kNoError, parser.errors_seen_mask());
}

TEST_F(ParserTest, BadPartialImportEncoding) {
const char kBadPartialImportEncoding[] = "@import url(R\xd5";
Parser parser(kBadPartialImportEncoding);
delete parser.ParseStylesheet();
EXPECT_NE(Parser::kNoError, parser.errors_seen_mask());
}

} // namespace Css

0 comments on commit 0bc4ce7

Please sign in to comment.