40265 2010-06-07 14:22:52 -0700 Fix XFrameOptions and xssAuditor crashes in HTML5 parser 2010-06-07 14:53:25 -0700 1 1 1 Unclassified WebKit New Bugs 528+ (Nightly build) Other OS X 10.5 RESOLVED FIXED P2 Normal --- 39259 1 abarth abarth eric oldest_to_newest 235034 0 abarth 2010-06-07 14:22:52 -0700 Fix XFrameOptions and xssAuditor crashes in HTML5 parser 235039 1 58085 abarth 2010-06-07 14:26:37 -0700 Created attachment 58085 Patch 235045 2 58085 eric 2010-06-07 14:43:11 -0700 Comment on attachment 58085 Patch WebCore/html/HTML5Tokenizer.cpp:47 + *m_counter = *m_counter + 1; += 1? WebCore/html/HTML5Tokenizer.cpp:52 + *m_counter = *m_counter - 1; -= 1? -- and ++ might work for (*m_counter)++, i' not sure. WebCore/html/HTML5Tokenizer.cpp:105 + NestingLevelIncrementer nestingLevelIncrementer(m_writeNestingLevel); Seems like we want to use this in other places too eventually. :) WebCore/html/HTML5Tokenizer.cpp:140 + if (!m_source.isEmpty() || isWaitingForScripts() || executingScript() || !m_endWasDelayed) m_endWasDelayed should be the first check, not the last. WebCore/html/HTML5Tokenizer.cpp:143 + m_endWasDelayed = false; Do we need to ASSERT in the destructor that we did end? Seems better than we currently have, but probably not perfect yet. 235047 3 abarth 2010-06-07 14:53:25 -0700 Committed r60802: <http://trac.webkit.org/changeset/60802> 58085 2010-06-07 14:26:37 -0700 2010-06-07 14:43:10 -0700 Patch bug-40265-20100607142635.patch text/plain 6095 abarth ZGlmZiAtLWdpdCBhL1dlYkNvcmUvQ2hhbmdlTG9nIGIvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXgg ZDIwMDc1NzYzODE1NDlkZDY4YzUxNzE3ZjUzZjNhZTQxZDNjYjRmNS4uNGNjMzY2ZTczY2U3OTRh MmVhZThmNDIxNjM4NjI0NjMxMTJlZGZlYSAxMDA2NDQKLS0tIGEvV2ViQ29yZS9DaGFuZ2VMb2cK KysrIGIvV2ViQ29yZS9DaGFuZ2VMb2cKQEAgLTEsNSArMSwzOSBAQAogMjAxMC0wNi0wNyAgQWRh bSBCYXJ0aCAgPGFiYXJ0aEB3ZWJraXQub3JnPgogCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9E WSAoT09QUyEpLgorCisgICAgICAgIEZpeCBYRnJhbWVPcHRpb25zIGFuZCB4c3NBdWRpdG9yIGNy YXNoZXMgaW4gSFRNTDUgcGFyc2VyCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3No b3dfYnVnLmNnaT9pZD00MDI2NQorCisgICAgICAgIFdlJ3JlIG5vdCBzdXBwb3NlZCB0byBjYWxs IGVuZCgpIHdoaWxlIHRoZSB0b2tlbml6ZXIncyB3cml0ZSgpIG1ldGhvZC4KKyAgICAgICAgVGhp cyBjYXVzZXMgYSBidW5jaCBvZiBMYXlvdXRUZXN0cyB0byBjcmFzaC4gIEluIHBhcnRpY3VsYXIs IHRoaXMgcGF0Y2gKKyAgICAgICAgZml4ZXMgY3Jhc2hlcyBpbiB0aGUgZm9sbG93aW5nIHRlc3Rz OgorCisgICAgICAgIFRlc3RzOgorICAgICAgICAgICogaHR0cC90ZXN0cy9zZWN1cml0eS9YRnJh bWVPcHRpb25zL3gtZnJhbWUtb3B0aW9ucy1kZW55LW1ldGEtdGFnLWluLWJvZHkuaHRtbAorICAg ICAgICAgICogaHR0cC90ZXN0cy9zZWN1cml0eS9YRnJhbWVPcHRpb25zL3gtZnJhbWUtb3B0aW9u cy1kZW55LW1ldGEtdGFnLXBhcmVudC1zYW1lLW9yaWdpbi1kZW55Lmh0bWwKKyAgICAgICAgICAq IGh0dHAvdGVzdHMvc2VjdXJpdHkvWEZyYW1lT3B0aW9ucy94LWZyYW1lLW9wdGlvbnMtZGVueS1t ZXRhLXRhZy5odG1sCisgICAgICAgICAgKiBodHRwL3Rlc3RzL3NlY3VyaXR5L3hzc0F1ZGl0b3Iv ZnVsbC1ibG9jay1iYXNlLWhyZWYuaHRtbAorICAgICAgICAgICogaHR0cC90ZXN0cy9zZWN1cml0 eS94c3NBdWRpdG9yL2Z1bGwtYmxvY2stZ2V0LWZyb20taWZyYW1lLmh0bWwKKyAgICAgICAgICAq IGh0dHAvdGVzdHMvc2VjdXJpdHkveHNzQXVkaXRvci9mdWxsLWJsb2NrLWlmcmFtZS1qYXZhc2Ny aXB0LXVybC5odG1sCisgICAgICAgICAgKiBodHRwL3Rlc3RzL3NlY3VyaXR5L3hzc0F1ZGl0b3Iv ZnVsbC1ibG9jay1saW5rLW9uY2xpY2suaHRtbAorICAgICAgICAgICogaHR0cC90ZXN0cy9zZWN1 cml0eS94c3NBdWRpdG9yL2Z1bGwtYmxvY2stcG9zdC1mcm9tLWlmcmFtZS5odG1sCisgICAgICAg ICAgKiBodHRwL3Rlc3RzL3NlY3VyaXR5L3hzc0F1ZGl0b3IvZnVsbC1ibG9jay1zY3JpcHQtdGFn Lmh0bWwKKyAgICAgICAgICAqIGh0dHAvdGVzdHMvc2VjdXJpdHkveHNzQXVkaXRvci94c3MtcHJv dGVjdGlvbi1wYXJzaW5nLTAxLmh0bWwKKworICAgICAgICAqIGh0bWwvSFRNTDVUb2tlbml6ZXIu Y3BwOgorICAgICAgICAoV2ViQ29yZTo6KToKKyAgICAgICAgKFdlYkNvcmU6OkhUTUw1VG9rZW5p emVyOjpIVE1MNVRva2VuaXplcik6CisgICAgICAgIChXZWJDb3JlOjpIVE1MNVRva2VuaXplcjo6 d3JpdGUpOgorICAgICAgICAoV2ViQ29yZTo6SFRNTDVUb2tlbml6ZXI6OmF0dGVtcHRUb0VuZCk6 CisgICAgICAgIChXZWJDb3JlOjpIVE1MNVRva2VuaXplcjo6ZW5kSWZEZWxheWVkKToKKyAgICAg ICAgKFdlYkNvcmU6OkhUTUw1VG9rZW5pemVyOjpmaW5pc2gpOgorICAgICAgICAoV2ViQ29yZTo6 SFRNTDVUb2tlbml6ZXI6OnJlc3VtZVBhcnNpbmdBZnRlclNjcmlwdEV4ZWN1dGlvbik6CisgICAg ICAgICogaHRtbC9IVE1MNVRva2VuaXplci5oOgorICAgICAgICAoV2ViQ29yZTo6SFRNTDVUb2tl bml6ZXI6OmluV3JpdGUpOgorCisyMDEwLTA2LTA3ICBBZGFtIEJhcnRoICA8YWJhcnRoQHdlYmtp dC5vcmc+CisKICAgICAgICAgUmV2aWV3ZWQgYnkgRXJpYyBTZWlkZWwuCiAKICAgICAgICAgIkZp eCIgZmFzdC9kb20vc3RyaXBOdWxsRnJvbVRleHROb2Rlcy5odG1sIGluIEhUTUw1IHBhcnNlcgpk aWZmIC0tZ2l0IGEvV2ViQ29yZS9odG1sL0hUTUw1VG9rZW5pemVyLmNwcCBiL1dlYkNvcmUvaHRt bC9IVE1MNVRva2VuaXplci5jcHAKaW5kZXggMGQ3NWY4MzM0OGFmNWYxZWMxMzY2NTkxNTZjNWVi MDA2YjFiMDFlYS4uNzk4ZjIwOWYzOThkOWY3ZTdhZThjYjhhNzJkZDM1OWQ3ZWVkZjkwZSAxMDA2 NDQKLS0tIGEvV2ViQ29yZS9odG1sL0hUTUw1VG9rZW5pemVyLmNwcAorKysgYi9XZWJDb3JlL2h0 bWwvSFRNTDVUb2tlbml6ZXIuY3BwCkBAIC0zNywxMyArMzcsMzUgQEAKIAogbmFtZXNwYWNlIFdl YkNvcmUgewogCituYW1lc3BhY2UgeworCitjbGFzcyBOZXN0aW5nTGV2ZWxJbmNyZW1lbnRlciA6 IHB1YmxpYyBOb25jb3B5YWJsZSB7CitwdWJsaWM6CisgICAgTmVzdGluZ0xldmVsSW5jcmVtZW50 ZXIoaW50JiBjb3VudGVyKQorICAgICAgICA6IG1fY291bnRlcigmY291bnRlcikKKyAgICB7Cisg ICAgICAgICptX2NvdW50ZXIgPSAqbV9jb3VudGVyICsgMTsKKyAgICB9CisgICAgCisgICAgfk5l c3RpbmdMZXZlbEluY3JlbWVudGVyKCkKKyAgICB7CisgICAgICAgICptX2NvdW50ZXIgPSAqbV9j b3VudGVyIC0gMTsKKyAgICB9CisKK3ByaXZhdGU6CisgICAgaW50KiBtX2NvdW50ZXI7Cit9Owor Cit9IC8vIG5hbWVzcGFjZQorCiBIVE1MNVRva2VuaXplcjo6SFRNTDVUb2tlbml6ZXIoSFRNTERv Y3VtZW50KiBkb2N1bWVudCwgYm9vbCByZXBvcnRFcnJvcnMpCiAgICAgOiBUb2tlbml6ZXIoKQog ICAgICwgbV9kb2N1bWVudChkb2N1bWVudCkKICAgICAsIG1fbGV4ZXIobmV3IEhUTUw1TGV4ZXIp CiAgICAgLCBtX3NjcmlwdFJ1bm5lcihuZXcgSFRNTDVTY3JpcHRSdW5uZXIoZG9jdW1lbnQsIHRo aXMpKQogICAgICwgbV90cmVlQnVpbGRlcihuZXcgSFRNTDVUcmVlQnVpbGRlcihtX2xleGVyLmdl dCgpLCBkb2N1bWVudCwgcmVwb3J0RXJyb3JzKSkKLSAgICAsIG1fd2FzV2FpdGluZ09uU2NyaXB0 c0R1cmluZ0ZpbmlzaChmYWxzZSkKKyAgICAsIG1fZW5kV2FzRGVsYXllZChmYWxzZSkKKyAgICAs IG1fd3JpdGVOZXN0aW5nTGV2ZWwoMCkKIHsKICAgICBiZWdpbigpOwogfQpAQCAtODAsMTAgKzEw MiwxNCBAQCB2b2lkIEhUTUw1VG9rZW5pemVyOjpwdW1wTGV4ZXIoKQogCiB2b2lkIEhUTUw1VG9r ZW5pemVyOjp3cml0ZShjb25zdCBTZWdtZW50ZWRTdHJpbmcmIHNvdXJjZSwgYm9vbCkKIHsKKyAg ICBOZXN0aW5nTGV2ZWxJbmNyZW1lbnRlciBuZXN0aW5nTGV2ZWxJbmNyZW1lbnRlcihtX3dyaXRl TmVzdGluZ0xldmVsKTsKKwogICAgIC8vIEhUTUw1VG9rZW5pemVyOjpleGVjdXRlU2NyaXB0IGlz IHJlc3BvbnNpYmxlIGZvciBoYW5kbGluZyBzYXZpbmcgbV9zb3VyY2UgYmVmb3JlIHJlLWVudHJ5 LgogICAgIG1fc291cmNlLmFwcGVuZChzb3VyY2UpOwogICAgIGlmICghbV90cmVlQnVpbGRlci0+ aXNQYXVzZWQoKSkKICAgICAgICAgcHVtcExleGVyKCk7CisKKyAgICBlbmRJZkRlbGF5ZWQoKTsK IH0KIAogdm9pZCBIVE1MNVRva2VuaXplcjo6ZW5kKCkKQEAgLTk0LDIwICsxMjAsMzUgQEAgdm9p ZCBIVE1MNVRva2VuaXplcjo6ZW5kKCkKICAgICBtX3RyZWVCdWlsZGVyLT5maW5pc2hlZCgpOwog fQogCi12b2lkIEhUTUw1VG9rZW5pemVyOjpmaW5pc2goKQordm9pZCBIVE1MNVRva2VuaXplcjo6 YXR0ZW1wdFRvRW5kKCkKIHsKICAgICAvLyBmaW5pc2goKSBpbmRpY2F0ZXMgd2Ugd2lsbCBub3Qg cmVjZWl2ZSBhbnkgbW9yZSBkYXRhLiBJZiB3ZSBhcmUgd2FpdGluZyBvbgogICAgIC8vIGFuIGV4 dGVybmFsIHNjcmlwdCB0byBsb2FkLCB3ZSBjYW4ndCBmaW5pc2ggcGFyc2luZyBxdWl0ZSB5ZXQu Ci0gICAgaWYgKGlzV2FpdGluZ0ZvclNjcmlwdHMoKSkgewotICAgICAgICAvLyBGSVhNRTogV2Ug bWlnaHQgd2FudCB0byB1c2UgcmVhbCBzdGF0ZSBlbnVtIGluc3RlYWQgb2YgYSBib29sIGhlcmUu Ci0gICAgICAgIG1fd2FzV2FpdGluZ09uU2NyaXB0c0R1cmluZ0ZpbmlzaCA9IHRydWU7CisKKyAg ICBpZiAoaW5Xcml0ZSgpIHx8IGlzV2FpdGluZ0ZvclNjcmlwdHMoKSkgeworICAgICAgICBtX2Vu ZFdhc0RlbGF5ZWQgPSB0cnVlOwogICAgICAgICByZXR1cm47CiAgICAgfQorCiAgICAgLy8gV2Ug Y2FuJ3QgY2FsbCBtX3NvdXJjZS5jbG9zZSgpIHlldCBhcyB3ZSBtYXkgaGF2ZSBhIDxzY3JpcHQ+ IGV4ZWN1dGlvbgogICAgIC8vIHBlbmRpbmcgd2hpY2ggd2lsbCBjYWxsIGRvY3VtZW50LndyaXRl KCkuICBObyBtb3JlIGRhdGEgb2ZmIHRoZSBuZXR3b3JrIHRob3VnaC4KICAgICBlbmQoKTsKIH0K IAordm9pZCBIVE1MNVRva2VuaXplcjo6ZW5kSWZEZWxheWVkKCkKK3sKKyAgICBpZiAoIW1fc291 cmNlLmlzRW1wdHkoKSB8fCBpc1dhaXRpbmdGb3JTY3JpcHRzKCkgfHwgZXhlY3V0aW5nU2NyaXB0 KCkgfHwgIW1fZW5kV2FzRGVsYXllZCkKKyAgICAgICAgcmV0dXJuOworCisgICAgbV9lbmRXYXNE ZWxheWVkID0gZmFsc2U7CisgICAgZW5kKCk7Cit9CisKK3ZvaWQgSFRNTDVUb2tlbml6ZXI6OmZp bmlzaCgpCit7CisgICAgYXR0ZW1wdFRvRW5kKCk7Cit9CisKIGludCBIVE1MNVRva2VuaXplcjo6 ZXhlY3V0aW5nU2NyaXB0KCkgY29uc3QKIHsKICAgICByZXR1cm4gbV9zY3JpcHRSdW5uZXItPmlu U2NyaXB0RXhlY3V0aW9uKCk7CkBAIC0xMzQsOCArMTc1LDggQEAgdm9pZCBIVE1MNVRva2VuaXpl cjo6cmVzdW1lUGFyc2luZ0FmdGVyU2NyaXB0RXhlY3V0aW9uKCkKICAgICBBU1NFUlQoIW1fdHJl ZUJ1aWxkZXItPmlzUGF1c2VkKCkpOwogICAgIHB1bXBMZXhlcigpOwogICAgIEFTU0VSVChtX3Ry ZWVCdWlsZGVyLT5pc1BhdXNlZCgpIHx8IG1fc291cmNlLmlzRW1wdHkoKSk7Ci0gICAgaWYgKG1f c291cmNlLmlzRW1wdHkoKSAmJiBtX3dhc1dhaXRpbmdPblNjcmlwdHNEdXJpbmdGaW5pc2gpCi0g ICAgICAgIGVuZCgpOyAvLyBUaGUgZG9jdW1lbnQgYWxyZWFkeSBmaW5pc2hlZCBwYXJzaW5nIHdl IHdlcmUganVzdCB3YWl0aW5nIG9uIHNjcmlwdHMgd2hlbiBmaW5pc2hlZCgpIHdhcyBjYWxsZWQu CisgICAgLy8gVGhlIGRvY3VtZW50IGFscmVhZHkgZmluaXNoZWQgcGFyc2luZyB3ZSB3ZXJlIGp1 c3Qgd2FpdGluZyBvbiBzY3JpcHRzIHdoZW4gZmluaXNoZWQoKSB3YXMgY2FsbGVkLgorICAgIGVu ZElmRGVsYXllZCgpOwogfQogCiB2b2lkIEhUTUw1VG9rZW5pemVyOjp3YXRjaEZvckxvYWQoQ2Fj aGVkUmVzb3VyY2UqIGNhY2hlZFNjcmlwdCkKZGlmZiAtLWdpdCBhL1dlYkNvcmUvaHRtbC9IVE1M NVRva2VuaXplci5oIGIvV2ViQ29yZS9odG1sL0hUTUw1VG9rZW5pemVyLmgKaW5kZXggODEyNzg0 NTM5YTZkOTVmNjlkZDgyNzE1MDE2Y2I5ZGM3ODZlODcwZS4uNmExNWU3OWQ2N2FmY2FjZmQ5MWMz YzA0YzZiOGQ0ODM3YWZiOTMzZSAxMDA2NDQKLS0tIGEvV2ViQ29yZS9odG1sL0hUTUw1VG9rZW5p emVyLmgKKysrIGIvV2ViQ29yZS9odG1sL0hUTUw1VG9rZW5pemVyLmgKQEAgLTcyLDYgKzcyLDEw IEBAIHByaXZhdGU6CiAgICAgdm9pZCBwdW1wTGV4ZXIoKTsKICAgICB2b2lkIHJlc3VtZVBhcnNp bmdBZnRlclNjcmlwdEV4ZWN1dGlvbigpOwogCisgICAgdm9pZCBhdHRlbXB0VG9FbmQoKTsKKyAg ICB2b2lkIGVuZElmRGVsYXllZCgpOworICAgIGJvb2wgaW5Xcml0ZSgpIGNvbnN0IHsgcmV0dXJu IG1fd3JpdGVOZXN0aW5nTGV2ZWwgPiAwOyB9CisKICAgICBTZWdtZW50ZWRTdHJpbmcgbV9zb3Vy Y2U7CiAKICAgICAvLyBXZSBob2xkIG1fdG9rZW4gaGVyZSBiZWNhdXNlIGl0IG1pZ2h0IGJlIHBh cnRpYWxseSBjb21wbGV0ZS4KQEAgLTgxLDcgKzg1LDggQEAgcHJpdmF0ZToKICAgICBPd25QdHI8 SFRNTDVMZXhlcj4gbV9sZXhlcjsKICAgICBPd25QdHI8SFRNTDVTY3JpcHRSdW5uZXI+IG1fc2Ny aXB0UnVubmVyOwogICAgIE93blB0cjxIVE1MNVRyZWVCdWlsZGVyPiBtX3RyZWVCdWlsZGVyOwot ICAgIGJvb2wgbV93YXNXYWl0aW5nT25TY3JpcHRzRHVyaW5nRmluaXNoOworICAgIGJvb2wgbV9l bmRXYXNEZWxheWVkOworICAgIGludCBtX3dyaXRlTmVzdGluZ0xldmVsOwogfTsKIAogfQo=