Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(200)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 229793004: Add CharacterData.deleteData()/replaceData() overflow handling. (Closed)

Created:
6 years, 8 months ago by sof
Modified:
6 years, 8 months ago
CC:
blink-reviews, sof, eae+blinkwatch, dglazkov+blink, adamk+blink_chromium.org, Inactive, rwlbuis, jbutler, yurys, jianli
Base URL:
https://chromium.googlesource.com/chromium/blink.git@master
Visibility:
Public.

Description

Add CharacterData.deleteData()/replaceData() overflow handling. If the offset and count exceed the underlying length, the spec tells us http://dom.spec.whatwg.org/#concept-cd-replace (step 3) to use a count that is equal to length minus the offset. Perform that check in an overflow-sensitive manner. (Change based on https://codereview.chromium.org/188693007/ ) R= BUG=349898 Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=171165

Patch Set 1 #

Total comments: 2
Unified diffs Side-by-side diffs Delta from patch set Stats (+80 lines, -21 lines) Patch
A LayoutTests/fast/dom/Range/deleteData-replaceData-count-overflow.html View 1 chunk +37 lines, -0 lines 0 comments Download
A LayoutTests/fast/dom/Range/deleteData-replaceData-count-overflow-expected.txt View 1 chunk +19 lines, -0 lines 0 comments Download
M Source/core/dom/CharacterData.cpp View 2 chunks +23 lines, -20 lines 2 comments Download
M Source/core/editing/FrameSelection.cpp View 1 chunk +1 line, -1 line 0 comments Download

Messages

Total messages: 6 (0 generated)
sof
When you have a moment, please take a look. Continuing (and hopefully completing) https://codereview.chromium.org/188693007/
6 years, 8 months ago (2014-04-09 09:34:33 UTC) #1
eseidel
lgtm
6 years, 8 months ago (2014-04-09 17:48:39 UTC) #2
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/sigbjornf@opera.com/229793004/1
6 years, 8 months ago (2014-04-09 17:48:46 UTC) #3
commit-bot: I haz the power
Change committed as 171165
6 years, 8 months ago (2014-04-09 19:00:35 UTC) #4
tapted
+gardeners https://codereview.chromium.org/229793004/diff/1/Source/core/dom/CharacterData.cpp File Source/core/dom/CharacterData.cpp (right): https://codereview.chromium.org/229793004/diff/1/Source/core/dom/CharacterData.cpp#newcode146 Source/core/dom/CharacterData.cpp:146: newStr.remove(offset, realCount); [sheriff] hi there! gcc is generating ...
6 years, 8 months ago (2014-04-10 03:16:18 UTC) #5
sof
6 years, 8 months ago (2014-04-10 06:58:54 UTC) #6
Message was sent while issue was closed. 
https://codereview.chromium.org/229793004/diff/1/Source/core/dom/CharacterDat...
File Source/core/dom/CharacterData.cpp (right):

https://codereview.chromium.org/229793004/diff/1/Source/core/dom/CharacterDat...
Source/core/dom/CharacterData.cpp:146: newStr.remove(offset, realCount);
On 2014/04/10 03:16:18, tapted wrote:
> [sheriff] hi there! gcc is generating a warning here:
CharacterData.cpp:146:36:
> error: 'realCount' may be used uninitialized in this function
> [-Werror=maybe-uninitialized]
> chromeos-chrome-36.0.1933.0_alpha-r1:      newStr.remove(offset, realCount);
> 
> It's coming up in the chrome tree, so I think we need to revert that blink
roll.

Thanks (what gcc version?)

https://codereview.chromium.org/232603002/ to address. Or if it results in fewer
bumps to revert this CL & combine the two, that can alternatively be done.

Powered by Google App Engine
This is Rietveld 408576698