Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(76)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/css/parser/CSSPropertyParser.cpp

Issue 223673008: [CSS Shapes] CRASH with calc() value args in inset round (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Created 6 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « LayoutTests/fast/shapes/shape-outside-floats/shape-outside-inset-round-calc-crash-expected.txt ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2003 Lars Knoll (knoll@kde.org) 2 * Copyright (C) 2003 Lars Knoll (knoll@kde.org)
3 * Copyright (C) 2005 Allan Sandfeld Jensen (kde@carewolf.com) 3 * Copyright (C) 2005 Allan Sandfeld Jensen (kde@carewolf.com)
4 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 Apple Inc. All rights reserved. 4 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 Apple Inc. All rights reserved.
5 * Copyright (C) 2007 Nicholas Shanks <webkit@nickshanks.com> 5 * Copyright (C) 2007 Nicholas Shanks <webkit@nickshanks.com>
6 * Copyright (C) 2008 Eric Seidel <eric@webkit.org> 6 * Copyright (C) 2008 Eric Seidel <eric@webkit.org>
7 * Copyright (C) 2009 Torch Mobile Inc. All rights reserved. (http://www.torchmo bile.com/) 7 * Copyright (C) 2009 Torch Mobile Inc. All rights reserved. (http://www.torchmo bile.com/)
8 * Copyright (C) 2012 Adobe Systems Incorporated. All rights reserved. 8 * Copyright (C) 2012 Adobe Systems Incorporated. All rights reserved.
9 * Copyright (C) 2012 Intel Corporation. All rights reserved. 9 * Copyright (C) 2012 Intel Corporation. All rights reserved.
10 * 10 *
(...skipping 4005 matching lines...) Expand 10 before | Expand all | Expand 10 after
4016 4016
4017 // FIXME: This should be refactored with CSSParser::parseBorderRadius. 4017 // FIXME: This should be refactored with CSSParser::parseBorderRadius.
4018 // CSSParser::parseBorderRadius contains support for some legacy radius construc tion. 4018 // CSSParser::parseBorderRadius contains support for some legacy radius construc tion.
4019 PassRefPtrWillBeRawPtr<CSSBasicShape> CSSPropertyParser::parseInsetRoundedCorner s(PassRefPtrWillBeRawPtr<CSSBasicShapeInset> shape, CSSParserValueList* args) 4019 PassRefPtrWillBeRawPtr<CSSBasicShape> CSSPropertyParser::parseInsetRoundedCorner s(PassRefPtrWillBeRawPtr<CSSBasicShapeInset> shape, CSSParserValueList* args)
4020 { 4020 {
4021 CSSParserValue* argument = args->next(); 4021 CSSParserValue* argument = args->next();
4022 4022
4023 if (!argument) 4023 if (!argument)
4024 return nullptr; 4024 return nullptr;
4025 4025
4026 CSSParserValueList radiusArguments; 4026 Vector<CSSParserValue*> radiusArguments;
4027 while (argument) { 4027 while (argument) {
4028 radiusArguments.addValue(*argument); 4028 radiusArguments.append(argument);
4029 argument = args->next(); 4029 argument = args->next();
4030 } 4030 }
4031 4031
4032 unsigned num = radiusArguments.size(); 4032 unsigned num = radiusArguments.size();
4033 if (!num || num > 9) 4033 if (!num || num > 9)
4034 return nullptr; 4034 return nullptr;
4035 4035
4036 // FIXME: Refactor completeBorderRadii and the array 4036 // FIXME: Refactor completeBorderRadii and the array
4037 RefPtrWillBeRawPtr<CSSPrimitiveValue> radii[2][4]; 4037 RefPtrWillBeRawPtr<CSSPrimitiveValue> radii[2][4];
4038 #if ENABLE(OILPAN) 4038 #if ENABLE(OILPAN)
4039 // Zero initialize the array of raw pointers. 4039 // Zero initialize the array of raw pointers.
4040 memset(&radii, 0, sizeof(radii)); 4040 memset(&radii, 0, sizeof(radii));
4041 #endif 4041 #endif
4042 4042
4043 unsigned indexAfterSlash = 0; 4043 unsigned indexAfterSlash = 0;
4044 for (unsigned i = 0; i < num; ++i) { 4044 for (unsigned i = 0; i < num; ++i) {
4045 CSSParserValue* value = radiusArguments.valueAt(i); 4045 CSSParserValue* value = radiusArguments.at(i);
4046 if (value->unit == CSSParserValue::Operator) { 4046 if (value->unit == CSSParserValue::Operator) {
4047 if (value->iValue != '/') 4047 if (value->iValue != '/')
4048 return nullptr; 4048 return nullptr;
4049 4049
4050 if (!i || indexAfterSlash || i + 1 == num) 4050 if (!i || indexAfterSlash || i + 1 == num)
4051 return nullptr; 4051 return nullptr;
4052 4052
4053 indexAfterSlash = i + 1; 4053 indexAfterSlash = i + 1;
4054 completeBorderRadii(radii[0]); 4054 completeBorderRadii(radii[0]);
4055 continue; 4055 continue;
(...skipping 4399 matching lines...) Expand 10 before | Expand all | Expand 10 after
8455 parsedValues->append(CSSPrimitiveValue::createIdentifier(CSSValueFill)); 8455 parsedValues->append(CSSPrimitiveValue::createIdentifier(CSSValueFill));
8456 if (!seenStroke) 8456 if (!seenStroke)
8457 parsedValues->append(CSSPrimitiveValue::createIdentifier(CSSValueStroke) ); 8457 parsedValues->append(CSSPrimitiveValue::createIdentifier(CSSValueStroke) );
8458 if (!seenMarkers) 8458 if (!seenMarkers)
8459 parsedValues->append(CSSPrimitiveValue::createIdentifier(CSSValueMarkers )); 8459 parsedValues->append(CSSPrimitiveValue::createIdentifier(CSSValueMarkers ));
8460 8460
8461 return parsedValues.release(); 8461 return parsedValues.release();
8462 } 8462 }
8463 8463
8464 } // namespace WebCore 8464 } // namespace WebCore
OLDNEW
« no previous file with comments | « LayoutTests/fast/shapes/shape-outside-floats/shape-outside-inset-round-calc-crash-expected.txt ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698