From bad6f3129e99047364ec657b94e7e6d94be4e6b3 Mon Sep 17 00:00:00 2001 From: Peter Van der Beken Date: Sun, 15 Nov 2009 11:57:49 +0100 Subject: [PATCH] Fix for bug 528300. r=sicking, a=blocking1.9.2+. --HG-- extra : rebase_source : c5bf7807f1840ab5a34b868b0eb90a6b1ec2d017 --- content/xslt/crashtests/528300.xml | 22 +++++++++++++++ content/xslt/crashtests/528488.xml | 19 +++++++++++++ content/xslt/crashtests/crashtests.list | 2 ++ content/xslt/src/xpath/txCoreFunctionCall.cpp | 28 ++++++++++++++----- content/xslt/src/xpath/txExpr.h | 3 +- content/xslt/src/xpath/txFunctionCall.cpp | 12 +++++--- .../src/xpath/txXPCOMExtensionFunction.cpp | 6 +++- .../src/xslt/txFormatNumberFunctionCall.cpp | 5 ++-- 8 files changed, 82 insertions(+), 15 deletions(-) create mode 100644 content/xslt/crashtests/528300.xml create mode 100644 content/xslt/crashtests/528488.xml diff --git a/content/xslt/crashtests/528300.xml b/content/xslt/crashtests/528300.xml new file mode 100644 index 00000000000..8902bb373e8 --- /dev/null +++ b/content/xslt/crashtests/528300.xml @@ -0,0 +1,22 @@ + + + +]> + + + + + + + + + + + + + diff --git a/content/xslt/crashtests/528488.xml b/content/xslt/crashtests/528488.xml new file mode 100644 index 00000000000..904b3456123 --- /dev/null +++ b/content/xslt/crashtests/528488.xml @@ -0,0 +1,19 @@ + + + +]> + + + + + + + + + diff --git a/content/xslt/crashtests/crashtests.list b/content/xslt/crashtests/crashtests.list index b6c5c98307e..4b0350c88a8 100644 --- a/content/xslt/crashtests/crashtests.list +++ b/content/xslt/crashtests/crashtests.list @@ -6,3 +6,5 @@ load 406106-1.html load 483444.xml load 485217.xml load 485286.xml +load 528300.xml +load 528488.xml diff --git a/content/xslt/src/xpath/txCoreFunctionCall.cpp b/content/xslt/src/xpath/txCoreFunctionCall.cpp index 03ce61a7406..46236cb53fc 100644 --- a/content/xslt/src/xpath/txCoreFunctionCall.cpp +++ b/content/xslt/src/xpath/txCoreFunctionCall.cpp @@ -387,7 +387,9 @@ txCoreFunctionCall::evaluate(txIEvalContext* aContext, txAExprResult** aResult) rv = mParams[0]->evaluateToString(aContext, src); NS_ENSURE_SUCCESS(rv, rv); - double start = evaluateToNumber(mParams[1], aContext); + double start; + rv = evaluateToNumber(mParams[1], aContext, &start); + NS_ENSURE_SUCCESS(rv, rv); // check for NaN or +/-Inf if (Double::isNaN(start) || @@ -402,8 +404,10 @@ txCoreFunctionCall::evaluate(txIEvalContext* aContext, txAExprResult** aResult) double end; if (mParams.Length() == 3) { - end = start + evaluateToNumber(mParams[2], - aContext); + rv = evaluateToNumber(mParams[2], aContext, &end); + NS_ENSURE_SUCCESS(rv, rv); + + end += start; if (Double::isNaN(end) || end < 0) { aContext->recycler()->getEmptyStringResult(aResult); @@ -531,7 +535,8 @@ txCoreFunctionCall::evaluate(txIEvalContext* aContext, txAExprResult** aResult) { double res; if (!mParams.IsEmpty()) { - res = evaluateToNumber(mParams[0], aContext); + rv = evaluateToNumber(mParams[0], aContext, &res); + NS_ENSURE_SUCCESS(rv, rv); } else { nsAutoString resultStr; @@ -543,7 +548,10 @@ txCoreFunctionCall::evaluate(txIEvalContext* aContext, txAExprResult** aResult) } case ROUND: { - double dbl = evaluateToNumber(mParams[0], aContext); + double dbl; + rv = evaluateToNumber(mParams[0], aContext, &dbl); + NS_ENSURE_SUCCESS(rv, rv); + if (!Double::isNaN(dbl) && !Double::isInfinite(dbl)) { if (Double::isNeg(dbl) && dbl >= -0.5) { dbl *= 0; @@ -557,7 +565,10 @@ txCoreFunctionCall::evaluate(txIEvalContext* aContext, txAExprResult** aResult) } case FLOOR: { - double dbl = evaluateToNumber(mParams[0], aContext); + double dbl; + rv = evaluateToNumber(mParams[0], aContext, &dbl); + NS_ENSURE_SUCCESS(rv, rv); + if (!Double::isNaN(dbl) && !Double::isInfinite(dbl) && !(dbl == 0 && Double::isNeg(dbl))) { @@ -568,7 +579,10 @@ txCoreFunctionCall::evaluate(txIEvalContext* aContext, txAExprResult** aResult) } case CEILING: { - double dbl = evaluateToNumber(mParams[0], aContext); + double dbl; + rv = evaluateToNumber(mParams[0], aContext, &dbl); + NS_ENSURE_SUCCESS(rv, rv); + if (!Double::isNaN(dbl) && !Double::isInfinite(dbl)) { if (Double::isNeg(dbl) && dbl > -1) { dbl *= 0; diff --git a/content/xslt/src/xpath/txExpr.h b/content/xslt/src/xpath/txExpr.h index 26d8cd4013f..a859c660d70 100644 --- a/content/xslt/src/xpath/txExpr.h +++ b/content/xslt/src/xpath/txExpr.h @@ -330,7 +330,8 @@ protected: /* * Evaluates the given Expression and converts its result to a number. */ - static double evaluateToNumber(Expr* aExpr, txIEvalContext* aContext); + static nsresult evaluateToNumber(Expr* aExpr, txIEvalContext* aContext, + double* aResult); /* * Evaluates the given Expression and converts its result to a NodeSet. diff --git a/content/xslt/src/xpath/txFunctionCall.cpp b/content/xslt/src/xpath/txFunctionCall.cpp index 2e6df285f09..d3d8d0a08aa 100644 --- a/content/xslt/src/xpath/txFunctionCall.cpp +++ b/content/xslt/src/xpath/txFunctionCall.cpp @@ -52,15 +52,19 @@ /* * Evaluates the given Expression and converts its result to a number. */ -double FunctionCall::evaluateToNumber(Expr* aExpr, txIEvalContext* aContext) +// static +nsresult +FunctionCall::evaluateToNumber(Expr* aExpr, txIEvalContext* aContext, + double* aResult) { NS_ASSERTION(aExpr, "missing expression"); nsRefPtr exprResult; nsresult rv = aExpr->evaluate(aContext, getter_AddRefs(exprResult)); - if (NS_FAILED(rv)) - return Double::NaN; + NS_ENSURE_SUCCESS(rv, rv); - return exprResult->numberValue(); + *aResult = exprResult->numberValue(); + + return NS_OK; } /* diff --git a/content/xslt/src/xpath/txXPCOMExtensionFunction.cpp b/content/xslt/src/xpath/txXPCOMExtensionFunction.cpp index 8975aa55c44..f7822b5b104 100644 --- a/content/xslt/src/xpath/txXPCOMExtensionFunction.cpp +++ b/content/xslt/src/xpath/txXPCOMExtensionFunction.cpp @@ -479,7 +479,11 @@ txXPCOMExtensionFunctionCall::evaluate(txIEvalContext* aContext, } case eNUMBER: { - invokeParam.val.d = evaluateToNumber(expr, aContext); + double dbl; + rv = evaluateToNumber(mParams[0], aContext, &dbl); + NS_ENSURE_SUCCESS(rv, rv); + + invokeParam.val.d = dbl; break; } case eSTRING: diff --git a/content/xslt/src/xslt/txFormatNumberFunctionCall.cpp b/content/xslt/src/xslt/txFormatNumberFunctionCall.cpp index ac9fd8edce1..93ca46ea64e 100644 --- a/content/xslt/src/xslt/txFormatNumberFunctionCall.cpp +++ b/content/xslt/src/xslt/txFormatNumberFunctionCall.cpp @@ -84,10 +84,11 @@ txFormatNumberFunctionCall::evaluate(txIEvalContext* aContext, double value; txExpandedName formatName; - value = evaluateToNumber(mParams[0], aContext); + nsresult rv = evaluateToNumber(mParams[0], aContext, &value); + NS_ENSURE_SUCCESS(rv, rv); nsAutoString formatStr; - nsresult rv = mParams[1]->evaluateToString(aContext, formatStr); + rv = mParams[1]->evaluateToString(aContext, formatStr); NS_ENSURE_SUCCESS(rv, rv); if (mParams.Length() == 3) {