| Index: third_party/WebKit/Source/core/css/CSSSelectorTest.cpp
|
| diff --git a/third_party/WebKit/Source/core/css/CSSSelectorTest.cpp b/third_party/WebKit/Source/core/css/CSSSelectorTest.cpp
|
| index 571370518d1c7bc4d69f14c815372b02537b10ae..f0a10d93a40cf9e8e4e4f06a3a08681bfcaca9fc 100644
|
| --- a/third_party/WebKit/Source/core/css/CSSSelectorTest.cpp
|
| +++ b/third_party/WebKit/Source/core/css/CSSSelectorTest.cpp
|
| @@ -54,4 +54,36 @@ TEST(CSSSelector, Representations)
|
| #endif
|
| }
|
|
|
| +TEST(CSSSelector, OverflowRareDataMatchNth)
|
| +{
|
| + int maxInt = std::numeric_limits<int>::max();
|
| + int minInt = std::numeric_limits<int>::min();
|
| + CSSSelector selector;
|
| +
|
| + // Overflow count - b (maxInt - -1 = maxInt + 1)
|
| + selector.setNth(1, -1);
|
| + EXPECT_FALSE(selector.matchNth(maxInt));
|
| + // 0 - (minInt) = maxInt + 1
|
| + selector.setNth(1, minInt);
|
| + EXPECT_FALSE(selector.matchNth(0));
|
| + // minInt - 1
|
| + selector.setNth(1, 1);
|
| + EXPECT_FALSE(selector.matchNth(minInt));
|
| +
|
| + // Overflow b - count (0 - minInt = maxInt + 1)
|
| + selector.setNth(-1, 0);
|
| + EXPECT_FALSE(selector.matchNth(minInt));
|
| + // maxInt - -1 = maxInt + 1
|
| + selector.setNth(-1, maxInt);
|
| + EXPECT_FALSE(selector.matchNth(-1));
|
| + // minInt - 1
|
| + selector.setNth(-1, minInt);
|
| + EXPECT_FALSE(selector.matchNth(1));
|
| +
|
| + // a shouldn't negate to itself (and minInt negates to itself).
|
| + // Note: This test can only fail when using ubsan.
|
| + selector.setNth(minInt, 10);
|
| + EXPECT_FALSE(selector.matchNth(2));
|
| +}
|
| +
|
| } // namespace blink
|
|
|
Chromium Code Reviews
Issue 2191253002:
Prevent integer overflows in ANPlusB handling (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master