
Side by Side Diff: Source/core/css/StylePropertySet.cpp

Issue 234823004: Heap-use-after-free in WebCore::MutableStylePropertySet::setProperty (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Created 6 years, 8 months ago
OLDNEW
1 /* 1 /*
2 * (C) 1999-2003 Lars Knoll (knoll@kde.org) 2 * (C) 1999-2003 Lars Knoll (knoll@kde.org)
3 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2012, 2013 Apple Inc. All rights reserved. 3 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2012, 2013 Apple Inc. All rights reserved.
4 * Copyright (C) 2011 Research In Motion Limited. All rights reserved. 4 * Copyright (C) 2011 Research In Motion Limited. All rights reserved.
5 * Copyright (C) 2013 Intel Corporation. All rights reserved. 5 * Copyright (C) 2013 Intel Corporation. All rights reserved.
6 * 6 *
7 * This library is free software; you can redistribute it and/or 7 * This library is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Library General Public 8 * modify it under the terms of the GNU Library General Public
9 * License as published by the Free Software Foundation; either 9 * License as published by the Free Software Foundation; either
10 * version 2 of the License, or (at your option) any later version. 10 * version 2 of the License, or (at your option) any later version.
(...skipping 439 matching lines...) Expand 10 before | Expand all | Expand 10 after
450 return true; 450 return true;
451 } 451 }
452 return false; 452 return false;
453 } 453 }
454 454
455 bool MutableStylePropertySet::removePropertiesInSet(const CSSPropertyID* set, un signed length) 455 bool MutableStylePropertySet::removePropertiesInSet(const CSSPropertyID* set, un signed length)
456 { 456 {
457 if (m_propertyVector.isEmpty()) 457 if (m_propertyVector.isEmpty())
458 return false; 458 return false;
459 459
460 WillBeHeapVector<CSSProperty, 4> newProperties; 460 WillBeHeapVector<CSSProperty> newProperties;
461 newProperties.reserveInitialCapacity(m_propertyVector.size()); 461 newProperties.reserveInitialCapacity(m_propertyVector.size());
462 462
463 unsigned initialSize = m_propertyVector.size(); 463 unsigned initialSize = m_propertyVector.size();
464 const CSSProperty* properties = m_propertyVector.data(); 464 const CSSProperty* properties = m_propertyVector.data();
465 for (unsigned n = 0; n < initialSize; ++n) { 465 for (unsigned n = 0; n < initialSize; ++n) {
466 const CSSProperty& property = properties[n]; 466 const CSSProperty& property = properties[n];
467 // Not quite sure if the isImportant test is needed but it matches the e xisting behavior. 467 // Not quite sure if the isImportant test is needed but it matches the e xisting behavior.
468 if (!property.isImportant() && containsId(set, length, property.id())) 468 if (!property.isImportant() && containsId(set, length, property.id()))
469 continue; 469 continue;
470 newProperties.append(property); 470 newProperties.append(property);
471 } 471 }
472 472
473 m_propertyVector.swap(newProperties); 473 m_propertyVector = newProperties;
474 return initialSize != m_propertyVector.size(); 474 return initialSize != m_propertyVector.size();
475 } 475 }
476 476
477 CSSProperty* MutableStylePropertySet::findCSSPropertyWithID(CSSPropertyID proper tyID) 477 CSSProperty* MutableStylePropertySet::findCSSPropertyWithID(CSSPropertyID proper tyID)
478 { 478 {
479 int foundPropertyIndex = findPropertyIndex(propertyID); 479 int foundPropertyIndex = findPropertyIndex(propertyID);
480 if (foundPropertyIndex == -1) 480 if (foundPropertyIndex == -1)
481 return 0; 481 return 0;
482 return &m_propertyVector.at(foundPropertyIndex); 482 return &m_propertyVector.at(foundPropertyIndex);
483 } 483 }
(...skipping 128 matching lines...) Expand 10 before | Expand all | Expand 10 after
612 result.appendLiteral(": "); 612 result.appendLiteral(": ");
613 result.append(propertyValue()->cssText()); 613 result.append(propertyValue()->cssText());
614 if (isImportant()) 614 if (isImportant())
615 result.appendLiteral(" !important"); 615 result.appendLiteral(" !important");
616 result.append(';'); 616 result.append(';');
617 return result.toString(); 617 return result.toString();
618 } 618 }
619 619
620 620
621 } // namespace WebCore 621 } // namespace WebCore
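Review bot: The copy assignment `m_propertyVector = newProperties;` at new line 473 in removePropertiesInSet has no comment recording why `swap()` was dropped, and neither does the removal of the inline capacity on `newProperties` at new line 460, so a later cleanup could restore the swap as an optimisation and reopen the heap-use-after-free this issue is about. I would add above the assignment something like `// Copy instead of swap(): swapping with the inline-capacity local was tied to a heap-use-after-free; do not change back without a regression test.`, with the wording confirmed by the author, since the root cause is inferred here from the issue title only. Separately, findCSSPropertyWithID (new lines 477-483) returns a raw `CSSProperty*` into `m_propertyVector`, and this assignment can replace the backing buffer, so callers such as setProperty must not keep that pointer across a call that removes properties; those callers are outside the lines shown and are worth checking. The patch set appears to contain only this file, so a regression test for the crash looks to be missing.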
OLDNEW