Issue 2121703002: Change HTMLTokenizer::Attribute::Range.start initial invalid value from 0 -> -1

Issue 2121703002: Change HTMLTokenizer::Attribute::Range.start initial invalid value from 0 -> -1 (Closed)

Created:
4 years, 5 months ago by kouhei (in TOK)

Modified:
4 years, 5 months ago

Reviewers:
Yoav Weiss, dominicc (has gone to gerrit), Charlie Harrison

CC:
blink-reviews, blink-reviews-html_chromium.org, chromium-reviews, dglazkov+blink, kinuko+watch

Base URL:
https://chromium.googlesource.com/chromium/src.git@master

Target Ref:
refs/pending/heads/master

Project:
chromium

Visibility:
Public.

More Reviews

Description

Change HTMLTokenizer::Attribute::Range.start initial invalid value from 0 -> -1 In rare cases, BackgroundHTMLParser may feed input SegmentedString starting w/ attribute name=value pairs. This CL fixes ASSERT failures in such cases. Before this CL, the attribute {name,value} range start offset initial value was set to 0. This was based on the assumption that attribute name=value pairs never have input stream offset of 0. However, this assumption doesn't hold when BackgroundHTMLParser has XSSAuditor disabled and accurate offset tracking has been disabled. This CL changes the initial invalid value to -1 to avoid the issue. BUG=619141 Committed: https://crrev.com/f87027a2bc99f6d40faa7e24174d2b210b58b120 Cr-Commit-Position: refs/heads/master@{#404150}

Patch Set 1 #

Total comments: 6

Patch Set 2 : update check #

Total comments: 2

Created: 4 years, 5 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+71 lines, -16 lines)			Patch
M	third_party/WebKit/Source/core/core.gypi	View		1 chunk	+1 line, -0 lines	0 comments	Download
M	third_party/WebKit/Source/core/html/parser/AtomicHTMLToken.h	View		1 chunk	+2 lines, -4 lines	0 comments	Download
M	third_party/WebKit/Source/core/html/parser/HTMLToken.h	View	1	4 chunks	+36 lines, -12 lines	2 comments	Download
A	third_party/WebKit/Source/core/html/parser/HTMLTokenizerTest.cpp	View		1 chunk	+32 lines, -0 lines	0 comments	Download

Messages

Total messages: 24 (7 generated)

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2121703002/1

4 years, 5 months ago (2016-07-04 08:35:38 UTC) #2

commit-bot: I haz the power

Dry run: This issue passed the CQ dry run.

4 years, 5 months ago (2016-07-04 09:12:34 UTC) #6

Yoav Weiss

https://codereview.chromium.org/2121703002/diff/1/third_party/WebKit/Source/core/html/parser/HTMLToken.h File third_party/WebKit/Source/core/html/parser/HTMLToken.h (left): https://codereview.chromium.org/2121703002/diff/1/third_party/WebKit/Source/core/html/parser/HTMLToken.h#oldcode340 third_party/WebKit/Source/core/html/parser/HTMLToken.h:340: m_currentAttribute->mutableValueRange().start = offset - m_baseOffset; Alternatively, maybe DCHECK here ...

4 years, 5 months ago (2016-07-04 09:19:39 UTC) #7

dominicc (has gone to gerrit)

https://codereview.chromium.org/2121703002/diff/1/third_party/WebKit/Source/core/html/parser/HTMLToken.h File third_party/WebKit/Source/core/html/parser/HTMLToken.h (right): https://codereview.chromium.org/2121703002/diff/1/third_party/WebKit/Source/core/html/parser/HTMLToken.h#newcode94 third_party/WebKit/Source/core/html/parser/HTMLToken.h:94: inline void checkValidStart() const I'm not sure checkValidStart and ...

4 years, 5 months ago (2016-07-05 01:08:10 UTC) #8

kouhei (in TOK)

https://codereview.chromium.org/2121703002/diff/1/third_party/WebKit/Source/core/html/parser/HTMLToken.h File third_party/WebKit/Source/core/html/parser/HTMLToken.h (right): https://codereview.chromium.org/2121703002/diff/1/third_party/WebKit/Source/core/html/parser/HTMLToken.h#newcode94 third_party/WebKit/Source/core/html/parser/HTMLToken.h:94: inline void checkValidStart() const On 2016/07/05 01:08:10, dominicc wrote: ...

4 years, 5 months ago (2016-07-05 03:57:14 UTC) #9

Charlie Harrison

Looks like some tests are failing. Otherwise LG. https://codereview.chromium.org/2121703002/diff/20001/third_party/WebKit/Source/core/html/parser/HTMLToken.h File third_party/WebKit/Source/core/html/parser/HTMLToken.h (right): https://codereview.chromium.org/2121703002/diff/20001/third_party/WebKit/Source/core/html/parser/HTMLToken.h#newcode97 third_party/WebKit/Source/core/html/parser/HTMLToken.h:97: DCHECK(start ...

4 years, 5 months ago (2016-07-06 13:50:38 UTC) #11

kouhei (in TOK)

On 2016/07/06 13:50:38, csharrison wrote: > Looks like some tests are failing. Otherwise LG. To ...

4 years, 5 months ago (2016-07-07 05:59:29 UTC) #12

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2121703002/20001

4 years, 5 months ago (2016-07-07 09:56:37 UTC) #14

commit-bot: I haz the power

Dry run: This issue passed the CQ dry run.

4 years, 5 months ago (2016-07-07 11:12:22 UTC) #16

kouhei (in TOK)

On 2016/07/07 12:05:21, csharrison wrote: > lgtm % optional nits. Thanks. Let me TBR the ...

4 years, 5 months ago (2016-07-07 13:45:52 UTC) #18

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2121703002/20001

4 years, 5 months ago (2016-07-07 13:46:12 UTC) #20

commit-bot: I haz the power

Description was changed from ========== Change HTMLTokenizer::Attribute::Range.start initial invalid value from 0 -> -1 In ...

4 years, 5 months ago (2016-07-07 13:52:58 UTC) #23

commit-bot: I haz the power

4 years, 5 months ago (2016-07-07 13:52:59 UTC) #24

Message was sent while issue was closed.

Patchset 2 (id:??) landed as
https://crrev.com/f87027a2bc99f6d40faa7e24174d2b210b58b120
Cr-Commit-Position: refs/heads/master@{#404150}

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages