Chromium Code Reviews Chromium Code Reviews
Issue 229793004:
Add CharacterData.deleteData()/replaceData() overflow handling. (Closed)
Base URL: https://chromium.googlesource.com/chromium/blink.git@master| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) | 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) |
| 3 * (C) 1999 Antti Koivisto (koivisto@kde.org) | 3 * (C) 1999 Antti Koivisto (koivisto@kde.org) |
| 4 * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved. | 4 * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved. |
| 5 * | 5 * |
| 6 * This library is free software; you can redistribute it and/or | 6 * This library is free software; you can redistribute it and/or |
| 7 * modify it under the terms of the GNU Library General Public | 7 * modify it under the terms of the GNU Library General Public |
| 8 * License as published by the Free Software Foundation; either | 8 * License as published by the Free Software Foundation; either |
| 9 * version 2 of the License, or (at your option) any later version. | 9 * version 2 of the License, or (at your option) any later version. |
| 10 * | 10 * |
| (...skipping 14 matching lines...) Expand all Loading... | |
| 25 #include "bindings/v8/ExceptionState.h" | 25 #include "bindings/v8/ExceptionState.h" |
| 26 #include "core/dom/Document.h" | 26 #include "core/dom/Document.h" |
| 27 #include "core/dom/ExceptionCode.h" | 27 #include "core/dom/ExceptionCode.h" |
| 28 #include "core/dom/MutationObserverInterestGroup.h" | 28 #include "core/dom/MutationObserverInterestGroup.h" |
| 29 #include "core/dom/MutationRecord.h" | 29 #include "core/dom/MutationRecord.h" |
| 30 #include "core/dom/ProcessingInstruction.h" | 30 #include "core/dom/ProcessingInstruction.h" |
| 31 #include "core/dom/Text.h" | 31 #include "core/dom/Text.h" |
| 32 #include "core/editing/FrameSelection.h" | 32 #include "core/editing/FrameSelection.h" |
| 33 #include "core/events/MutationEvent.h" | 33 #include "core/events/MutationEvent.h" |
| 34 #include "core/inspector/InspectorInstrumentation.h" | 34 #include "core/inspector/InspectorInstrumentation.h" |
| 35 | 35 #include "wtf/CheckedArithmetic.h" |
| 36 using namespace std; | |
| 37 | 36 |
| 38 namespace WebCore { | 37 namespace WebCore { |
| 39 | 38 |
| 40 void CharacterData::atomize() | 39 void CharacterData::atomize() |
| 41 { | 40 { |
| 42 m_data = AtomicString(m_data); | 41 m_data = AtomicString(m_data); |
| 43 } | 42 } |
| 44 | 43 |
| 45 void CharacterData::setData(const String& data) | 44 void CharacterData::setData(const String& data) |
| 46 { | 45 { |
| (...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 98 } | 97 } |
| 99 | 98 |
| 100 String newStr = m_data; | 99 String newStr = m_data; |
| 101 newStr.insert(data, offset); | 100 newStr.insert(data, offset); |
| 102 | 101 |
| 103 setDataAndUpdate(newStr, offset, 0, data.length(), recalcStyleBehavior); | 102 setDataAndUpdate(newStr, offset, 0, data.length(), recalcStyleBehavior); |
| 104 | 103 |
| 105 document().didInsertText(this, offset, data.length()); | 104 document().didInsertText(this, offset, data.length()); |
| 106 } | 105 } |
| 107 | 106 |
| 107 static bool validateOffsetCount(unsigned offset, unsigned count, unsigned length , unsigned& realCount, ExceptionState& exceptionState) | |
| 108 { | |
| 109 if (offset > length) { | |
| 110 exceptionState.throwDOMException(IndexSizeError, "The offset " + String: :number(offset) + " is greater than the node's length (" + String::number(length ) + ")."); | |
| 111 return false; | |
| 112 } | |
| 113 | |
| 114 Checked<unsigned, RecordOverflow> offsetCount = offset; | |
| 115 offsetCount += count; | |
| 116 | |
| 117 if (offsetCount.hasOverflowed() || offset + count > length) | |
| 118 realCount = length - offset; | |
| 119 else | |
| 120 realCount = count; | |
| 121 | |
| 122 return true; | |
| 123 } | |
| 124 | |
| 108 void CharacterData::deleteData(unsigned offset, unsigned count, ExceptionState& exceptionState, RecalcStyleBehavior recalcStyleBehavior) | 125 void CharacterData::deleteData(unsigned offset, unsigned count, ExceptionState& exceptionState, RecalcStyleBehavior recalcStyleBehavior) |
| 109 { | 126 { |
| 110 if (offset > length()) { | 127 unsigned realCount; |
| 111 exceptionState.throwDOMException(IndexSizeError, "The offset " + String: :number(offset) + " is greater than the node's length (" + String::number(length ()) + ")."); | 128 if (!validateOffsetCount(offset, count, length(), realCount, exceptionState) ) |
| 112 return; | 129 return; |
| 113 } | |
| 114 | |
| 115 unsigned realCount; | |
| 116 if (offset + count > length()) | |
| 117 realCount = length() - offset; | |
| 118 else | |
| 119 realCount = count; | |
| 120 | 130 |
| 121 String newStr = m_data; | 131 String newStr = m_data; |
| 122 newStr.remove(offset, realCount); | 132 newStr.remove(offset, realCount); |
| 123 | 133 |
| 124 setDataAndUpdate(newStr, offset, count, 0, recalcStyleBehavior); | 134 setDataAndUpdate(newStr, offset, realCount, 0, recalcStyleBehavior); |
| 125 | 135 |
| 126 document().didRemoveText(this, offset, realCount); | 136 document().didRemoveText(this, offset, realCount); |
| 127 } | 137 } |
| 128 | 138 |
| 129 void CharacterData::replaceData(unsigned offset, unsigned count, const String& d ata, ExceptionState& exceptionState) | 139 void CharacterData::replaceData(unsigned offset, unsigned count, const String& d ata, ExceptionState& exceptionState) |
| 130 { | 140 { |
| 131 if (offset > length()) { | 141 unsigned realCount; |
| 132 exceptionState.throwDOMException(IndexSizeError, "The offset " + String: :number(offset) + " is greater than the node's length (" + String::number(length ()) + ")."); | 142 if (!validateOffsetCount(offset, count, length(), realCount, exceptionState) ) |
| 133 return; | 143 return; |
| 134 } | |
| 135 | |
| 136 unsigned realCount; | |
| 137 if (offset + count > length()) | |
| 138 realCount = length() - offset; | |
| 139 else | |
| 140 realCount = count; | |
| 141 | 144 |
| 142 String newStr = m_data; | 145 String newStr = m_data; |
| 143 newStr.remove(offset, realCount); | 146 newStr.remove(offset, realCount); |
|
tapted
2014/04/10 03:16:18
[sheriff] hi there! gcc is generating a warning he
sof
2014/04/10 06:58:54
Thanks (what gcc version?)
https://codereview.chr
| |
| 144 newStr.insert(data, offset); | 147 newStr.insert(data, offset); |
| 145 | 148 |
| 146 setDataAndUpdate(newStr, offset, count, data.length()); | 149 setDataAndUpdate(newStr, offset, realCount, data.length()); |
| 147 | 150 |
| 148 // update the markers for spell checking and grammar checking | 151 // update the markers for spell checking and grammar checking |
| 149 document().didRemoveText(this, offset, realCount); | 152 document().didRemoveText(this, offset, realCount); |
| 150 document().didInsertText(this, offset, data.length()); | 153 document().didInsertText(this, offset, data.length()); |
| 151 } | 154 } |
| 152 | 155 |
| 153 String CharacterData::nodeValue() const | 156 String CharacterData::nodeValue() const |
| 154 { | 157 { |
| 155 return m_data; | 158 return m_data; |
| 156 } | 159 } |
| (...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 204 { | 207 { |
| 205 return static_cast<int>(length()); | 208 return static_cast<int>(length()); |
| 206 } | 209 } |
| 207 | 210 |
| 208 bool CharacterData::offsetInCharacters() const | 211 bool CharacterData::offsetInCharacters() const |
| 209 { | 212 { |
| 210 return true; | 213 return true; |
| 211 } | 214 } |
| 212 | 215 |
| 213 } // namespace WebCore | 216 } // namespace WebCore |
| OLD | NEW |
