Fix for CSS Variables tokenisation not checking CSS identifier length

Source/core/css/CSSParser.cpp

Index: Source/core/css/CSSParser.cpp
diff --git a/Source/core/css/CSSParser.cpp b/Source/core/css/CSSParser.cpp
index 062838412cd336fe3f578a4f04e25c720ef0e4bb..ba6d5693aec9669f6a2216fa2a8b59ca776041a4 100644
--- a/Source/core/css/CSSParser.cpp
+++ b/Source/core/css/CSSParser.cpp
@@ -10288,6 +10288,19 @@ inline void CSSParser::detectSupportsToken(int length)
     }
 }
 
+template <typename CharacterType>
+inline bool CSSParser::detectCSSVariablesToken(int length)
+{
+    if (length >= 13) {

[Steve Block, 2013/05/21 04:47:54]

if (length < 13)
    return false;

[alancutter (OOO until 2018), 2013/05/21 05:05:15]

Done.

+        CharacterType* name = tokenStart<CharacterType>();
+        ASSERT(name[0] == '-');

[Steve Block, 2013/05/21 04:47:54]

Can this assert be moved to the top of the function?

[alancutter (OOO until 2018), 2013/05/21 05:05:15]

Done.

+        if (name[11] == '-' && isIdentifierStartAfterDash(name + 12) && isEqualToCSSIdentifier(name + 1, "webkit-var"))

[Steve Block, 2013/05/21 04:47:54]

using sizeof() here as eric suggests would make this more readable

+            return true;
+    }
+    return false;
+}
+
+
 template <typename SrcCharacterType>
 int CSSParser::realLex(void* yylvalWithoutType)
 {
@@ -10472,7 +10485,7 @@ restartAfterComment:
             parseIdentifier(result, resultString, hasEscape);
             m_token = IDENT;
 
-            if (cssVariablesEnabled() && isEqualToCSSIdentifier(tokenStart<SrcCharacterType>() + 1, "webkit-var") && tokenStart<SrcCharacterType>()[11] == '-' && isIdentifierStartAfterDash(tokenStart<SrcCharacterType>() + 12))
+            if (cssVariablesEnabled() && detectCSSVariablesToken<SrcCharacterType>(result - tokenStart<SrcCharacterType>()))
                 m_token = VAR_DEFINITION;
             else if (*currentCharacter<SrcCharacterType>() == '(') {
                 m_token = FUNCTION;