From 285834ebd9ed5296d7ffb0b829b6147841d44711 Mon Sep 17 00:00:00 2001
From: John Mark Bell <jmb@netsurf-browser.org>
Date: Sun, 25 Jan 2009 00:02:27 +0000
Subject: Range check volume values

svn path=/trunk/libcss/; revision=6258
---
 src/parse/properties.c | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'src/parse')

diff --git a/src/parse/properties.c b/src/parse/properties.c
index 4297307..38fc58b 100644
--- a/src/parse/properties.c
+++ b/src/parse/properties.c
@@ -6215,6 +6215,10 @@ css_error parse_volume(css_language *c,
 		if (consumed != token->ilower->len)
 			return CSS_INVALID;
 
+		/* Must be between 0 and 100 */
+		if (length < 0 || length > F_100)
+			return CSS_INVALID;
+
 		parserutils_vector_iterate(vector, ctx);
 		value = VOLUME_NUMBER;
 	} else {
@@ -6227,6 +6231,10 @@ css_error parse_volume(css_language *c,
 		if ((unit & UNIT_PCT) == false)
 			return CSS_INVALID;
 
+		/* Must be positive */
+		if (length < 0)
+			return CSS_INVALID;
+
 		value = VOLUME_DIMENSION;
 	}
 
-- 
cgit v1.2.3