From e892ca9f25496a4c0d8b833be9f10273ab0c4f06 Mon Sep 17 00:00:00 2001 From: "pfeldman@chromium.org" Date: Mon, 5 Mar 2012 15:07:50 +0000 Subject: [PATCH] Web Inspector: check for the number of parsed css properties. https://bugs.webkit.org/show_bug.cgi?id=80268 Reviewed by Vsevolod Vlasov. Source/WebCore: Test: inspector/styles/set-property-boundaries.html * inspector/InspectorCSSAgent.cpp: (WebCore::InspectorCSSAgent::didRemoveDOMNode): * inspector/InspectorStyleSheet.cpp: (WebCore::InspectorStyle::setPropertyText): LayoutTests: * inspector/styles/set-property-boundaries-expected.txt: Added. * inspector/styles/set-property-boundaries.html: Added. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@109741 268f45cc-cd09-0410-ab3c-d52691b4dbfc --- LayoutTests/ChangeLog | 10 ++++ .../styles/set-property-boundaries-expected.txt | 5 ++ .../inspector/styles/set-property-boundaries.html | 64 ++++++++++++++++++++++ Source/WebCore/ChangeLog | 14 +++++ Source/WebCore/inspector/InspectorCSSAgent.cpp | 4 +- Source/WebCore/inspector/InspectorStyleSheet.cpp | 4 ++ 6 files changed, 98 insertions(+), 3 deletions(-) create mode 100644 LayoutTests/inspector/styles/set-property-boundaries-expected.txt create mode 100644 LayoutTests/inspector/styles/set-property-boundaries.html diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog index 67f36b8..2dc68b7 100644 --- a/LayoutTests/ChangeLog +++ b/LayoutTests/ChangeLog @@ -1,3 +1,13 @@ +2012-03-05 Pavel Feldman + + Web Inspector: check for the number of parsed css properties. + https://bugs.webkit.org/show_bug.cgi?id=80268 + + Reviewed by Vsevolod Vlasov. + + * inspector/styles/set-property-boundaries-expected.txt: Added. + * inspector/styles/set-property-boundaries.html: Added. + 2012-03-02 Alexander Pavlov Web Inspector: [Styles] [CRASH] Handle rule addition and inline style editing failure due to Content-Security-Policy in the page diff --git a/LayoutTests/inspector/styles/set-property-boundaries-expected.txt b/LayoutTests/inspector/styles/set-property-boundaries-expected.txt new file mode 100644 index 0000000..63c980e --- /dev/null +++ b/LayoutTests/inspector/styles/set-property-boundaries-expected.txt @@ -0,0 +1,5 @@ +Tests that setting CSS property text out of boundaries does not crash. + +color: red; +Server error(-32000): INDEX_SIZE_ERR. + diff --git a/LayoutTests/inspector/styles/set-property-boundaries.html b/LayoutTests/inspector/styles/set-property-boundaries.html new file mode 100644 index 0000000..92a95d6 --- /dev/null +++ b/LayoutTests/inspector/styles/set-property-boundaries.html @@ -0,0 +1,64 @@ + + + + + + + + + + + +

+Tests that setting CSS property text out of boundaries does not crash. +

+ + diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog index 055c3a3..d95ae3c 100644 --- a/Source/WebCore/ChangeLog +++ b/Source/WebCore/ChangeLog @@ -1,3 +1,17 @@ +2012-03-05 Pavel Feldman + + Web Inspector: check for the number of parsed css properties. + https://bugs.webkit.org/show_bug.cgi?id=80268 + + Reviewed by Vsevolod Vlasov. + + Test: inspector/styles/set-property-boundaries.html + + * inspector/InspectorCSSAgent.cpp: + (WebCore::InspectorCSSAgent::didRemoveDOMNode): + * inspector/InspectorStyleSheet.cpp: + (WebCore::InspectorStyle::setPropertyText): + 2012-03-05 Vsevolod Vlasov Web Inspector: Tabbed pane should redraw tab elements when tab is closed. diff --git a/Source/WebCore/inspector/InspectorCSSAgent.cpp b/Source/WebCore/inspector/InspectorCSSAgent.cpp index f0f965d..bd9c335 100644 --- a/Source/WebCore/inspector/InspectorCSSAgent.cpp +++ b/Source/WebCore/inspector/InspectorCSSAgent.cpp @@ -988,10 +988,8 @@ void InspectorCSSAgent::didRemoveDOMNode(Node* node) if (!node) return; - if (m_lastElementWithPseudoState.get() == node) { + if (m_lastElementWithPseudoState.get() == node) clearPseudoState(false); - return; - } NodeToInspectorStyleSheet::iterator it = m_nodeToInspectorStyleSheet.find(node); if (it == m_nodeToInspectorStyleSheet.end()) diff --git a/Source/WebCore/inspector/InspectorStyleSheet.cpp b/Source/WebCore/inspector/InspectorStyleSheet.cpp index 898a7d5..f0ae7b1 100644 --- a/Source/WebCore/inspector/InspectorStyleSheet.cpp +++ b/Source/WebCore/inspector/InspectorStyleSheet.cpp @@ -331,6 +331,10 @@ bool InspectorStyle::setPropertyText(unsigned index, const String& propertyText, InspectorStyleTextEditor editor(&allProperties, &m_disabledProperties, text, newLineAndWhitespaceDelimiters()); if (overwrite) { + if (index >= allProperties.size()) { + ec = INDEX_SIZE_ERR; + return false; + } *oldText = allProperties.at(index).rawText; editor.replaceProperty(index, propertyText); } else -- 2.7.4