Source/core/css/CSSTokenizer-in.cpp - Issue 241053002: ASSERTION FAILED: name[0] == '@' && length >= 2 in WebCore::CSSTokenizer::detectAtToken

Unified Diff: Source/core/css/CSSTokenizer-in.cpp

Issue 241053002: ASSERTION FAILED: name[0] == '@' && length >= 2 in WebCore::CSSTokenizer::detectAtToken (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master

Patch Set: Created 6 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« LayoutTests/fast/css/atrule-with-escape-character-crash.html ('K') | « LayoutTests/fast/css/atrule-with-escape-character-crash-expected.txt ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: Source/core/css/CSSTokenizer-in.cpp

diff --git a/Source/core/css/CSSTokenizer-in.cpp b/Source/core/css/CSSTokenizer-in.cpp

index 58a30bc4a0b9ac7c2cd3b44e3ae892e1fb3e3d39..03c2945643e5f522cc75c0ec3df13e4bfd440f3a 100644

--- a/Source/core/css/CSSTokenizer-in.cpp

+++ b/Source/core/css/CSSTokenizer-in.cpp

@@ -1481,7 +1481,7 @@ restartAfterComment:

m_token = ATKEYWORD;

++result;

parseIdentifier(result, resultString, hasEscape);

- detectAtToken<SrcCharacterType>(result - tokenStart<SrcCharacterType>(), hasEscape);

+ detectAtToken<SrcCharacterType>(resultString.length() + 1, hasEscape);

Julien - ping for review 2014/05/08 15:26:29 This seems like a big footgun that you are neuteri

reni 2014/05/22 22:04:38 This is (was) the only place where the pointer ari

Julien - ping for review 2014/05/23 10:42:09 OK, it seems worth a comment here so that people a

}

break;

« LayoutTests/fast/css/atrule-with-escape-character-crash.html ('K') | « LayoutTests/fast/css/atrule-with-escape-character-crash-expected.txt ('k') | no next file » | no next file with comments »