From 755b8ac75fcb62e18f61fa83fba695cc4fd0bed5 Mon Sep 17 00:00:00 2001
From: John Mark Bell
Date: Mon, 30 Aug 2010 13:39:49 +0000
Subject: Jump through hoops to conform to the spec: apparently, it requires unsigned values to be considered as signed

svn path=/trunk/dom/; revision=10725
---
 src/core/characterdata.c | 36 ++++++++++++++++++++++++++++--------
 1 file changed, 28 insertions(+), 8 deletions(-)
(limited to 'src')
diff --git a/src/core/characterdata.c b/src/core/characterdata.c
index 6bb542d..05d12ea 100644
--- a/src/core/characterdata.c
+++ b/src/core/characterdata.c
@@ -179,8 +179,9 @@ dom_exception _dom_characterdata_get_length(struct dom_characterdata *cdata,
 * \param count The number of characters to extract
 * \param data Pointer to location to receive substring
 * \return DOM_NO_ERR on success,
- * DOM_INDEX_SIZE_ERR if ::offset is greater than the number of
- * characters in ::cdata.
+ * DOM_INDEX_SIZE_ERR if ::offset is negative or greater than the
+ * number of characters in ::cdata or
+ * ::count is negative.
 *
 * The returned string will have its reference count increased. It is
 * the responsibility of the caller to unref the string once it has
@@ -196,6 +197,10 @@ dom_exception _dom_characterdata_substring_data(
 struct dom_node_internal *c = (struct dom_node_internal *) cdata;
 uint32_t len, end;
 
+ if ((signed long) offset < 0 || (signed long) count < 0) {
+ return DOM_INDEX_SIZE_ERR;
+ }
+
 if (c->value != NULL) {
 len = dom_string_length(c->value);
 } else {
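Review bot: The revised `\return` text for `_dom_characterdata_substring_data` says ::offset or ::count can be "negative", but nothing in the visible comment tells a caller how that is decided for arguments the commit subject describes as unsigned. I would add one line after the `\return` block, e.g. `* \note ::offset and ::count are unsigned; a value that is negative when read as signed long is rejected.` The same line belongs in the comments for `_dom_characterdata_insert_data`, `_dom_characterdata_delete_data` and `_dom_characterdata_replace_data`. The comment block starts outside the hunk.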
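Review bot: The guard `if ((signed long) offset < 0 || (signed long) count < 0)` makes the bounds check depend on the width of `long`: where `long` is 64 bits, a 32-bit index with its top bit set that arrives zero-extended is not seen as negative and passes. The parameter declarations are outside the hunk, so this assumes both are `unsigned long`; converting an out-of-range unsigned value to a signed type is also implementation-defined in C. A width-explicit test such as `if (offset > (unsigned long) INT32_MAX || count > (unsigned long) INT32_MAX) {` states the limit directly and keeps any later `offset + count` within the `uint32_t` range of `len` and `end`. The same guard is added in `_dom_characterdata_insert_data`, `_dom_characterdata_delete_data` and `_dom_characterdata_replace_data`, and all four function bodies continue outside their hunks.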
@@ -260,8 +265,9 @@ dom_exception _dom_characterdata_append_data(struct dom_characterdata *cdata,
 * \param offset The character offset to insert at
 * \param data The data to insert
 * \return DOM_NO_ERR on success,
- * DOM_INDEX_SIZE_ERR if ::offset is greater than the
- * number of characters in ::cdata,
+ * DOM_INDEX_SIZE_ERR if ::offset is negative or greater
+ * than the number of characters in
+ * ::cdata,
 * DOM_NO_MODIFICATION_ALLOWED_ERR if ::cdata is readonly.
 */
 dom_exception _dom_characterdata_insert_data(struct dom_characterdata *cdata,
@@ -276,6 +282,10 @@ dom_exception _dom_characterdata_insert_data(struct dom_characterdata *cdata,
 return DOM_NO_MODIFICATION_ALLOWED_ERR;
 }
 
+ if ((signed long) offset < 0) {
+ return DOM_INDEX_SIZE_ERR;
+ }
+
 if (c->value != NULL) {
 len = dom_string_length(c->value);
 } else {
@@ -316,8 +326,9 @@ dom_exception _dom_characterdata_insert_data(struct dom_characterdata *cdata,
 * \param offset The character offset to start deletion from
 * \param count The number of characters to delete
 * \return DOM_NO_ERR on success,
- * DOM_INDEX_SIZE_ERR if ::offset is greater than the
- * number of characters in ::cdata,
+ * DOM_INDEX_SIZE_ERR if ::offset is negative or greater
+ * than the number of characters in
+ * ::cdata or ::count is negative,
 * DOM_NO_MODIFICATION_ALLOWED_ERR if ::cdata is readonly.
 */
 dom_exception _dom_characterdata_delete_data(struct dom_characterdata *cdata,
@@ -332,6 +343,10 @@ dom_exception _dom_characterdata_delete_data(struct dom_characterdata *cdata,
 return DOM_NO_MODIFICATION_ALLOWED_ERR;
 }
 
+ if ((signed long) offset < 0 || (signed long) count < 0) {
+ return DOM_INDEX_SIZE_ERR;
+ }
+
 if (c->value != NULL) {
 len = dom_string_length(c->value);
 } else {
@@ -375,8 +390,9 @@ dom_exception _dom_characterdata_delete_data(struct dom_characterdata *cdata,
 * \param count The number of characters to replace
 * \param data The replacement data
 * \return DOM_NO_ERR on success,
- * DOM_INDEX_SIZE_ERR if ::offset is greater than the
- * number of characters in ::cdata,
+ * DOM_INDEX_SIZE_ERR if ::offset is negative or greater
+ * than the number of characters in
+ * ::cdata or ::count is negative,
 * DOM_NO_MODIFICATION_ALLOWED_ERR if ::cdata is readonly.
 */
 dom_exception _dom_characterdata_replace_data(struct dom_characterdata *cdata,
@@ -392,6 +408,10 @@ dom_exception _dom_characterdata_replace_data(struct dom_characterdata *cdata,
 return DOM_NO_MODIFICATION_ALLOWED_ERR;
 }
 
+ if ((signed long) offset < 0 || (signed long) count < 0) {
+ return DOM_INDEX_SIZE_ERR;
+ }
+
 if (c->value != NULL) {
 len = dom_string_length(c->value);
 } else {
-- 
cgit v1.2.3