Stack overflow in CSS parser caused by recursive stylesheet import

author commit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>

Tue, 17 Apr 2012 06:26:53 +0000 (06:26 +0000)

committer commit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>

Tue, 17 Apr 2012 06:26:53 +0000 (06:26 +0000)
author commit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 17 Apr 2012 06:26:53 +0000 (06:26 +0000)
committer commit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 17 Apr 2012 06:26:53 +0000 (06:26 +0000)
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog

index ea14949..672a815 100644 (file)
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,14 @@
+2012-04-16  David Barr  <davidbarr@chromium.org>
+
+        Stack overflow in CSS parser caused by recursive stylesheet import
+        https://bugs.webkit.org/show_bug.cgi?id=83545
+
+        Reviewed by Ryosuke Niwa.
+
+        * http/tests/css/css-imports-redirect-cycle-expected.txt: Added.
+        * http/tests/css/css-imports-redirect-cycle.css: Added.
+        * http/tests/css/css-imports-redirect-cycle.html: Added.
+
  2012-04-16  Takashi Toyoshima  <toyoshim@chromium.org>
  
          Unreviewed, skip one more worker WebSocket test.
diff --git a/LayoutTests/http/tests/css/css-imports-redirect-cycle-expected.txt b/LayoutTests/http/tests/css/css-imports-redirect-cycle-expected.txt

new file mode 100644 (file)

index 0000000..8b13789
--- /dev/null
+++ b/LayoutTests/http/tests/css/css-imports-redirect-cycle-expected.txt
@@ -0,0 +1 @@
+
diff --git a/LayoutTests/http/tests/css/css-imports-redirect-cycle.css b/LayoutTests/http/tests/css/css-imports-redirect-cycle.css

new file mode 100644 (file)

index 0000000..cd3f0c4
--- /dev/null
+++ b/LayoutTests/http/tests/css/css-imports-redirect-cycle.css
@@ -0,0 +1 @@
+@import url("../resources/redirect.php?url=../css/css-imports-redirect-cycle.css");
diff --git a/LayoutTests/http/tests/css/css-imports-redirect-cycle.html b/LayoutTests/http/tests/css/css-imports-redirect-cycle.html

new file mode 100644 (file)

index 0000000..f2c54cb
--- /dev/null
+++ b/LayoutTests/http/tests/css/css-imports-redirect-cycle.html
@@ -0,0 +1,11 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script>
+if (window.layoutTestController)
+  layoutTestController.dumpAsText();
+</script>
+<link href="css-imports-redirect-cycle.css" rel="stylesheet">
+</head>
+<body></body>
+</html>
diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog

index f620507..a893bc6 100644 (file)
--- a/Source/WebCore/ChangeLog
+++ b/Source/WebCore/ChangeLog
@@ -1,3 +1,15 @@
+2012-04-16  David Barr  <davidbarr@chromium.org>
+
+        Stack overflow in CSS parser caused by recursive stylesheet import
+        https://bugs.webkit.org/show_bug.cgi?id=83545
+
+        Reviewed by Ryosuke Niwa.
+
+        Test: http/tests/css/css-imports-redirect-cycle.html
+
+        * css/CSSImportRule.cpp:
+        (WebCore::StyleRuleImport::requestStyleSheet):
+
  2012-04-16  Kent Tamura  <tkent@chromium.org>
  
          Rename LocalizedNumberICU.h to ICULocale.h
diff --git a/Source/WebCore/css/CSSImportRule.cpp b/Source/WebCore/css/CSSImportRule.cpp

index 41c7f3e..f2912f4 100644 (file)
--- a/Source/WebCore/css/CSSImportRule.cpp
+++ b/Source/WebCore/css/CSSImportRule.cpp
@@ -137,7 +137,7 @@ void StyleRuleImport::requestStyleSheet()
      StyleSheetInternal* rootSheet = m_parentStyleSheet;
      for (StyleSheetInternal* sheet = m_parentStyleSheet; sheet; sheet = sheet->parentStyleSheet()) {
          // FIXME: This is wrong if the finalURL was updated via document::updateBaseURL.
-        if (absHref == sheet->finalURL().string())
+        if (absHref == sheet->finalURL().string() || absHref == sheet->originalURL())
              return;
          rootSheet = sheet;
      }
author	commit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
	Tue, 17 Apr 2012 06:26:53 +0000 (06:26 +0000)
committer	commit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
	Tue, 17 Apr 2012 06:26:53 +0000 (06:26 +0000)
LayoutTests/ChangeLog		patch \| blob \| history
LayoutTests/http/tests/css/css-imports-redirect-cycle-expected.txt	[new file with mode: 0644]	patch \| blob
LayoutTests/http/tests/css/css-imports-redirect-cycle.css	[new file with mode: 0644]	patch \| blob
LayoutTests/http/tests/css/css-imports-redirect-cycle.html	[new file with mode: 0644]	patch \| blob
Source/WebCore/ChangeLog		patch \| blob \| history
Source/WebCore/css/CSSImportRule.cpp		patch \| blob \| history