Make the HTML5 parser manage formatting element list marker memory properly and not crash

Henri Sivonen 2009-03-09 10:35:45 +02:00
parent 012bff4d07
commit 7f73feee28
3 changed files with 17 additions and 14 deletions


@ -543,7 +543,9 @@ nsHtml5TreeBuilder::endTokenization()
delete[] stack; delete[] stack;
stack = nsnull; stack = nsnull;
while (listPtr > -1) { while (listPtr > -1) {
listOfActiveFormattingElements[listPtr]->release(); if (!!listOfActiveFormattingElements[listPtr]) {
listOfActiveFormattingElements[listPtr]->release();
}
listPtr--; listPtr--;
} }
delete[] listOfActiveFormattingElements; delete[] listOfActiveFormattingElements;
@ -2907,16 +2909,19 @@ nsHtml5TreeBuilder::append(nsHtml5StackNode* node)
void void
nsHtml5TreeBuilder::insertMarker() nsHtml5TreeBuilder::insertMarker()
{ {
append(MARKER); append(nsnull);
} }
void void
nsHtml5TreeBuilder::clearTheListOfActiveFormattingElementsUpToTheLastMarker() nsHtml5TreeBuilder::clearTheListOfActiveFormattingElementsUpToTheLastMarker()
{ {
while (listPtr > -1) { while (listPtr > -1) {
if (listOfActiveFormattingElements[listPtr--] == MARKER) { if (!listOfActiveFormattingElements[listPtr]) {
--listPtr;
return; return;
} }
listOfActiveFormattingElements[listPtr]->release();
--listPtr;
} }
} }
@ -2963,6 +2968,7 @@ nsHtml5TreeBuilder::removeFromStack(nsHtml5StackNode* node)
void void
nsHtml5TreeBuilder::removeFromListOfActiveFormattingElements(PRInt32 pos) nsHtml5TreeBuilder::removeFromListOfActiveFormattingElements(PRInt32 pos)
{ {
listOfActiveFormattingElements[pos]->release(); listOfActiveFormattingElements[pos]->release();
if (pos == listPtr) { if (pos == listPtr) {
@ -2982,12 +2988,12 @@ nsHtml5TreeBuilder::adoptionAgencyEndTag(nsIAtom* name)
for (; ; ) { for (; ; ) {
PRInt32 formattingEltListPos = listPtr; PRInt32 formattingEltListPos = listPtr;
while (formattingEltListPos > -1) { while (formattingEltListPos > -1) {
nsIAtom* listName = listOfActiveFormattingElements[formattingEltListPos]->name; nsHtml5StackNode* listNode = listOfActiveFormattingElements[formattingEltListPos];
if (listName == name) { if (!listNode) {
break;
} else if (!listName) {
formattingEltListPos = -1; formattingEltListPos = -1;
break; break;
} else if (listNode->name == name) {
break;
} }
formattingEltListPos--; formattingEltListPos--;
} }
@ -3136,7 +3142,7 @@ nsHtml5TreeBuilder::findInListOfActiveFormattingElementsContainsBetweenEndAndLas
{ {
for (PRInt32 i = listPtr; i >= 0; i--) { for (PRInt32 i = listPtr; i >= 0; i--) {
nsHtml5StackNode* node = listOfActiveFormattingElements[i]; nsHtml5StackNode* node = listOfActiveFormattingElements[i];
if (node == MARKER) { if (!node) {
return -1; return -1;
} else if (node->name == name) { } else if (node->name == name) {
return i; return i;
@ -3198,7 +3204,7 @@ nsHtml5TreeBuilder::reconstructTheActiveFormattingElements()
return; return;
} }
nsHtml5StackNode* mostRecent = listOfActiveFormattingElements[listPtr]; nsHtml5StackNode* mostRecent = listOfActiveFormattingElements[listPtr];
if (mostRecent == MARKER || isInStack(mostRecent)) { if (!mostRecent || isInStack(mostRecent)) {
return; return;
} }
PRInt32 entryPos = listPtr; PRInt32 entryPos = listPtr;
@ -3207,7 +3213,7 @@ nsHtml5TreeBuilder::reconstructTheActiveFormattingElements()
if (entryPos == -1) { if (entryPos == -1) {
break; break;
} }
if (listOfActiveFormattingElements[entryPos] == MARKER) { if (!listOfActiveFormattingElements[entryPos]) {
break; break;
} }
if (isInStack(listOfActiveFormattingElements[entryPos])) { if (isInStack(listOfActiveFormattingElements[entryPos])) {
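Review bot: In removeFromListOfActiveFormattingElements, `listOfActiveFormattingElements[pos]->release();` still dereferences the entry unconditionally, while after this commit a marker slot holds nsnull instead of a real MARKER node, so a call with a marker index would be a null dereference while parsing document content. The callers may only ever pass non-marker positions, but that invariant is neither stated nor checked here; I would add `NS_ASSERTION(listOfActiveFormattingElements[pos], "marker passed to removeFromListOfActiveFormattingElements");` before the release, or guard it the way endTokenization now does. The same audit applies to any dereference of a list entry outside these hunks, because the old code could safely read `->name` on MARKER (the replaced adoptionAgencyEndTag lines relied on exactly that). The function body continues past the end of its hunk, so the rest of it is not visible here.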


@ -67,7 +67,6 @@ class nsHtml5TreeBuilder
private: private:
static jArray<PRUnichar,PRInt32> ISINDEX_PROMPT; static jArray<PRUnichar,PRInt32> ISINDEX_PROMPT;
static jArray<nsString*,PRInt32> QUIRKY_PUBLIC_IDS; static jArray<nsString*,PRInt32> QUIRKY_PUBLIC_IDS;
nsHtml5StackNode* MARKER;
static nsIAtom* HTML_LOCAL; static nsIAtom* HTML_LOCAL;
PRInt32 mode; PRInt32 mode;
PRInt32 originalMode; PRInt32 originalMode;


@ -63,8 +63,7 @@
jArray<PRUnichar,PRInt32> nsHtml5TreeBuilder::ISINDEX_PROMPT = jArray<PRUnichar,PRInt32>(); jArray<PRUnichar,PRInt32> nsHtml5TreeBuilder::ISINDEX_PROMPT = jArray<PRUnichar,PRInt32>();
nsHtml5TreeBuilder::nsHtml5TreeBuilder(nsHtml5Parser* aParser) nsHtml5TreeBuilder::nsHtml5TreeBuilder(nsHtml5Parser* aParser)
: MARKER(new nsHtml5StackNode(0, nsHtml5ElementName::NULL_ELEMENT_NAME, nsnull)), : documentModeHandler(aParser),
documentModeHandler(aParser),
fragment(PR_FALSE), fragment(PR_FALSE),
formPointer(nsnull), formPointer(nsnull),
headPointer(nsnull), headPointer(nsnull),
@ -78,7 +77,6 @@ nsHtml5TreeBuilder::nsHtml5TreeBuilder(nsHtml5Parser* aParser)
nsHtml5TreeBuilder::~nsHtml5TreeBuilder() nsHtml5TreeBuilder::~nsHtml5TreeBuilder()
{ {
MOZ_COUNT_DTOR(nsHtml5TreeBuilder); MOZ_COUNT_DTOR(nsHtml5TreeBuilder);
delete MARKER;
mOpQueue.Clear(); mOpQueue.Clear();
} }