Source/WebCore/css/CSSParser.cpp - Issue 8386038: Merge 98374 - Code Review

Chromium Code Reviews

chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out

(154)

My Issues | Starred Open | Closed | All

Unified Diff: Source/WebCore/css/CSSParser.cpp

Issue 8386038: Merge 98374 (Closed) Base URL: http://svn.webkit.org/repository/webkit/branches/chromium/912/

Patch Set: Created 9 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

« no previous file with comments | « no previous file | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: Source/WebCore/css/CSSParser.cpp

===================================================================

--- Source/WebCore/css/CSSParser.cpp (revision 99073)

+++ Source/WebCore/css/CSSParser.cpp (working copy)

@@ -615,9 +615,9 @@

{

OwnPtr<CSSProperty> prop(adoptPtr(new CSSProperty(propId, value, important, m_currentShorthand, m_implicitShorthand)));

if (m_numParsedProperties >= m_maxParsedProperties) {

+ if (m_numParsedProperties > (UINT_MAX / sizeof(CSSProperty*)) - 32)

+ CRASH(); // Avoid inconsistencies with rollbackLastProperties.

m_maxParsedProperties += 32;

- if (m_maxParsedProperties > UINT_MAX / sizeof(CSSProperty*))

- return;

m_parsedProperties = static_cast<CSSProperty**>(fastRealloc(m_parsedProperties,

m_maxParsedProperties * sizeof(CSSProperty*)));

}

« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine

This is Rietveld 408576698