From 3b5b6ced16d08200dadda0cd17f1e383528f1cd0 Mon Sep 17 00:00:00 2001 From: "commit-queue@webkit.org" Date: Tue, 17 Apr 2012 06:26:53 +0000 Subject: [PATCH] Stack overflow in CSS parser caused by recursive stylesheet import https://bugs.webkit.org/show_bug.cgi?id=83545 Patch by David Barr on 2012-04-16 Reviewed by Ryosuke Niwa. Source/WebCore: Test: http/tests/css/css-imports-redirect-cycle.html * css/CSSImportRule.cpp: (WebCore::StyleRuleImport::requestStyleSheet): LayoutTests: * http/tests/css/css-imports-redirect-cycle-expected.txt: Added. * http/tests/css/css-imports-redirect-cycle.css: Added. * http/tests/css/css-imports-redirect-cycle.html: Added. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@114350 268f45cc-cd09-0410-ab3c-d52691b4dbfc --- LayoutTests/ChangeLog | 11 +++++++++++ .../http/tests/css/css-imports-redirect-cycle-expected.txt | 1 + LayoutTests/http/tests/css/css-imports-redirect-cycle.css | 1 + LayoutTests/http/tests/css/css-imports-redirect-cycle.html | 11 +++++++++++ Source/WebCore/ChangeLog | 12 ++++++++++++ Source/WebCore/css/CSSImportRule.cpp | 2 +- 6 files changed, 37 insertions(+), 1 deletion(-) create mode 100644 LayoutTests/http/tests/css/css-imports-redirect-cycle-expected.txt create mode 100644 LayoutTests/http/tests/css/css-imports-redirect-cycle.css create mode 100644 LayoutTests/http/tests/css/css-imports-redirect-cycle.html diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog index ea14949..672a815 100644 --- a/LayoutTests/ChangeLog +++ b/LayoutTests/ChangeLog @@ -1,3 +1,14 @@ +2012-04-16 David Barr + + Stack overflow in CSS parser caused by recursive stylesheet import + https://bugs.webkit.org/show_bug.cgi?id=83545 + + Reviewed by Ryosuke Niwa. + + * http/tests/css/css-imports-redirect-cycle-expected.txt: Added. + * http/tests/css/css-imports-redirect-cycle.css: Added. + * http/tests/css/css-imports-redirect-cycle.html: Added. + 2012-04-16 Takashi Toyoshima Unreviewed, skip one more worker WebSocket test. 
diff --git a/LayoutTests/http/tests/css/css-imports-redirect-cycle-expected.txt b/LayoutTests/http/tests/css/css-imports-redirect-cycle-expected.txt new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/LayoutTests/http/tests/css/css-imports-redirect-cycle-expected.txt @@ -0,0 +1 @@ + diff --git a/LayoutTests/http/tests/css/css-imports-redirect-cycle.css b/LayoutTests/http/tests/css/css-imports-redirect-cycle.css new file mode 100644 index 0000000..cd3f0c4 --- /dev/null +++ b/LayoutTests/http/tests/css/css-imports-redirect-cycle.css @@ -0,0 +1 @@ +@import url("../resources/redirect.php?url=../css/css-imports-redirect-cycle.css"); diff --git a/LayoutTests/http/tests/css/css-imports-redirect-cycle.html b/LayoutTests/http/tests/css/css-imports-redirect-cycle.html new file mode 100644 index 0000000..f2c54cb --- /dev/null +++ b/LayoutTests/http/tests/css/css-imports-redirect-cycle.html @@ -0,0 +1,11 @@ + + + + + + + + diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog index f620507..a893bc6 100644 --- a/Source/WebCore/ChangeLog +++ b/Source/WebCore/ChangeLog @@ -1,3 +1,15 @@ +2012-04-16 David Barr + + Stack overflow in CSS parser caused by recursive stylesheet import + https://bugs.webkit.org/show_bug.cgi?id=83545 + + Reviewed by Ryosuke Niwa. + + Test: http/tests/css/css-imports-redirect-cycle.html + + * css/CSSImportRule.cpp: + (WebCore::StyleRuleImport::requestStyleSheet): + 2012-04-16 Kent Tamura Rename LocalizedNumberICU.h to ICULocale.h diff --git a/Source/WebCore/css/CSSImportRule.cpp b/Source/WebCore/css/CSSImportRule.cpp index 41c7f3e..f2912f4 100644 --- a/Source/WebCore/css/CSSImportRule.cpp +++ b/Source/WebCore/css/CSSImportRule.cpp 
@@ -137,7 +137,7 @@ void StyleRuleImport::requestStyleSheet()
 StyleSheetInternal* rootSheet = m_parentStyleSheet;
 for (StyleSheetInternal* sheet = m_parentStyleSheet; sheet; sheet = sheet->parentStyleSheet()) {
 // FIXME: This is wrong if the finalURL was updated via document::updateBaseURL.
- if (absHref == sheet->finalURL().string())
+ if (absHref == sheet->finalURL().string() || absHref == sheet->originalURL())
 return;
 rootSheet = sheet;
 }
-- 
2.7.4
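Review bot: The cycle check on the `if (absHref == ...)` line still relies on exact string equality against each ancestor's `finalURL()` or `originalURL()`, so the walk only stops when a cyclic import resolves to a URL an ancestor already carries, and nothing in this loop bounds nesting depth on its own. Since the bug being fixed is a stack overflow, consider counting ancestors in the same loop and returning past a fixed limit, e.g. `if (++depth > kMaxImportDepth) return;` (both names are placeholders, not existing WebKit identifiers). The new condition also deserves a comment, because the FIXME above it now covers only half of the test: `// originalURL() is the URL as requested; after a redirect it differs from finalURL(), so both are compared to catch a cycle through a redirect.` That `originalURL()` holds the pre-redirect URL is inferred from the added layout test rather than visible here, and `requestStyleSheet()` begins and ends outside this hunk.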