Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(53)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/core/dom/Range.cpp

Issue 2707233002: Range and Selection: Do not accept offsets larger than 2^31-1. (Closed)
Patch Set: . Created 3 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « third_party/WebKit/LayoutTests/fast/text/selection-exceptions-expected.txt ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * (C) 1999 Lars Knoll (knoll@kde.org) 2 * (C) 1999 Lars Knoll (knoll@kde.org)
3 * (C) 2000 Gunnstein Lye (gunnstein@netcom.no) 3 * (C) 2000 Gunnstein Lye (gunnstein@netcom.no)
4 * (C) 2000 Frederik Holljen (frederik.holljen@hig.no) 4 * (C) 2000 Frederik Holljen (frederik.holljen@hig.no)
5 * (C) 2001 Peter Kelly (pmk@post.com) 5 * (C) 2001 Peter Kelly (pmk@post.com)
6 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All 6 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All
7 * rights reserved. 7 * rights reserved.
8 * Copyright (C) 2011 Motorola Mobility. All rights reserved. 8 * Copyright (C) 2011 Motorola Mobility. All rights reserved.
9 * 9 *
10 * This library is free software; you can redistribute it and/or 10 * This library is free software; you can redistribute it and/or
(...skipping 1025 matching lines...) Expand 10 before | Expand all | Expand 10 after
1036 return nullptr; 1036 return nullptr;
1037 case Node::kCdataSectionNode: 1037 case Node::kCdataSectionNode:
1038 case Node::kCommentNode: 1038 case Node::kCommentNode:
1039 case Node::kTextNode: 1039 case Node::kTextNode:
1040 if (offset > toCharacterData(n)->length()) { 1040 if (offset > toCharacterData(n)->length()) {
1041 exceptionState.throwDOMException( 1041 exceptionState.throwDOMException(
1042 IndexSizeError, "The offset " + String::number(offset) + 1042 IndexSizeError, "The offset " + String::number(offset) +
1043 " is larger than the node's length (" + 1043 " is larger than the node's length (" +
1044 String::number(toCharacterData(n)->length()) + 1044 String::number(toCharacterData(n)->length()) +
1045 ")."); 1045 ").");
1046 } else if (offset >
1047 static_cast<unsigned>(std::numeric_limits<int>::max())) {
1048 exceptionState.throwDOMException(
1049 IndexSizeError,
1050 "The offset " + String::number(offset) + " is invalid.");
1046 } 1051 }
1047 return nullptr; 1052 return nullptr;
1048 case Node::kProcessingInstructionNode: 1053 case Node::kProcessingInstructionNode:
1049 if (offset > toProcessingInstruction(n)->data().length()) { 1054 if (offset > toProcessingInstruction(n)->data().length()) {
1050 exceptionState.throwDOMException( 1055 exceptionState.throwDOMException(
1051 IndexSizeError, 1056 IndexSizeError,
1052 "The offset " + String::number(offset) + 1057 "The offset " + String::number(offset) +
1053 " is larger than the node's length (" + 1058 " is larger than the node's length (" +
1054 String::number(toProcessingInstruction(n)->data().length()) + 1059 String::number(toProcessingInstruction(n)->data().length()) +
1055 ")."); 1060 ").");
1061 } else if (offset >
1062 static_cast<unsigned>(std::numeric_limits<int>::max())) {
1063 exceptionState.throwDOMException(
1064 IndexSizeError,
1065 "The offset " + String::number(offset) + " is invalid.");
1056 } 1066 }
1057 return nullptr; 1067 return nullptr;
1058 case Node::kAttributeNode: 1068 case Node::kAttributeNode:
1059 case Node::kDocumentFragmentNode: 1069 case Node::kDocumentFragmentNode:
1060 case Node::kDocumentNode: 1070 case Node::kDocumentNode:
1061 case Node::kElementNode: { 1071 case Node::kElementNode: {
1062 if (!offset) 1072 if (!offset)
1063 return nullptr; 1073 return nullptr;
1074 if (offset > static_cast<unsigned>(std::numeric_limits<int>::max())) {
1075 exceptionState.throwDOMException(
1076 IndexSizeError,
1077 "The offset " + String::number(offset) + " is invalid.");
1078 return nullptr;
1079 }
1064 Node* childBefore = NodeTraversal::childAt(*n, offset - 1); 1080 Node* childBefore = NodeTraversal::childAt(*n, offset - 1);
1065 if (!childBefore) { 1081 if (!childBefore) {
1066 exceptionState.throwDOMException( 1082 exceptionState.throwDOMException(
1067 IndexSizeError, 1083 IndexSizeError,
1068 "There is no child at offset " + String::number(offset) + "."); 1084 "There is no child at offset " + String::number(offset) + ".");
1069 } 1085 }
1070 return childBefore; 1086 return childBefore;
1071 } 1087 }
1072 } 1088 }
1073 NOTREACHED(); 1089 NOTREACHED();
(...skipping 693 matching lines...) Expand 10 before | Expand all | Expand 10 after
1767 .data() 1783 .data()
1768 << "start offset: " << range->startOffset() 1784 << "start offset: " << range->startOffset()
1769 << ", end offset: " << range->endOffset(); 1785 << ", end offset: " << range->endOffset();
1770 } else { 1786 } else {
1771 LOG(INFO) << "Cannot show tree if range is null, or if boundary points are " 1787 LOG(INFO) << "Cannot show tree if range is null, or if boundary points are "
1772 "invalid."; 1788 "invalid.";
1773 } 1789 }
1774 } 1790 }
1775 1791
1776 #endif 1792 #endif
OLDNEW
« no previous file with comments | « third_party/WebKit/LayoutTests/fast/text/selection-exceptions-expected.txt ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698