Chromium Code Reviews

Unified Diff: Source/core/html/parser/TextResourceDecoder.cpp

Issue 298023006: Added early return in WebCore::TextResourceDecoder::checkForCSSCharset to fix buffer overflow (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@parser_crashfix
Patch Set: Created 6 years, 7 months ago
Other file in this patch set: LayoutTests/fast/encoding/resources/css-charset-missing-semi-colon-and-newline.css
Index: Source/core/html/parser/TextResourceDecoder.cpp
diff --git a/Source/core/html/parser/TextResourceDecoder.cpp b/Source/core/html/parser/TextResourceDecoder.cpp
index 3daddfedb413d5f0d67bb83ca336ece74ad782c3..493f5cbddb93f522493d866625ebc019c2153022 100644
--- a/Source/core/html/parser/TextResourceDecoder.cpp
+++ b/Source/core/html/parser/TextResourceDecoder.cpp
@@ -264,6 +264,8 @@ bool TextResourceDecoder::checkForCSSCharset(const char* data, size_t len, bool&
int encodingNameLength = pos - dataStart;
++pos;
+ if (pos == dataEnd)
eseidel 2014/05/28 00:42:51 Seems like we should wrap this in a helper which r
+ return false;
if (*pos == ';')
setEncoding(findTextEncoding(dataStart, encodingNameLength), EncodingFromCSSCharset);
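Review bot: the new guard protects only the single dereference that follows it (`if (*pos == ';')`); if the rest of checkForCSSCharset keeps reading through `pos` after this point, the same end-of-buffer condition reappears there, which is the case for the helper eseidel asks for rather than a one-off `if (pos == dataEnd) return false;` before each read. Two smaller points on the lines shown: a `>=` comparison (`if (pos >= dataEnd)`) is the more defensive idiom for a bounds check on a pointer that has just been advanced, even though `==` is sufficient here given `++pos` moves it by exactly one; and the early `return false` deserves a one-line comment saying that the charset name ran to the end of the available data and no encoding decision was made, since the hunk does not show how the caller interprets a false return.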
