author | John Mark Bell <jmb@netsurf-browser.org> | 2008-08-18 17:26:14 +0000 |
---|---|---|
committer | John Mark Bell <jmb@netsurf-browser.org> | 2008-08-18 17:26:14 +0000 |
commit | f39a846715f4c6e9a12ba9a7d3085da59cef1332 (patch) | |
tree | 67e40f17aeb2adfa3729cbf81b0a3c066c1f54fc /src/tokeniser/tokeniser.c | |
parent | a000310dd4fd0d6f8e4fd0f40529e5e8b2318f9e (diff) | |
Fix segfault caused by trampling the length of the current character when testing whether the 4 most recently read characters in the data state are <!--.
Add a couple of assertions for paranoia.
svn path=/trunk/hubbub/; revision=5146
Diffstat (limited to 'src/tokeniser/tokeniser.c')
-rw-r--r-- | src/tokeniser/tokeniser.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/src/tokeniser/tokeniser.c b/src/tokeniser/tokeniser.c index ece2e20..43b4823 100644 --- a/src/tokeniser/tokeniser.c +++ b/src/tokeniser/tokeniser.c @@ -622,11 +622,14 @@ hubbub_error hubbub_tokeniser_handle_data(hubbub_tokeniser *tokeniser) tokeniser->content_model == HUBBUB_CONTENT_MODEL_CDATA) && tokeniser->context.pending >= 3) { - + size_t ignore; cptr = parserutils_inputstream_peek( tokeniser->input, tokeniser->context.pending - 3, - &len); + &ignore); + + assert(cptr != PARSERUTILS_INPUTSTREAM_OOD && + cptr != PARSERUTILS_INPUTSTREAM_EOF); if (strncmp((char *)cptr, "<!--", SLEN("<!--")) == 0) { @@ -664,6 +667,9 @@ hubbub_error hubbub_tokeniser_handle_data(hubbub_tokeniser *tokeniser) tokeniser->context.pending - 2, &len); + assert(cptr != PARSERUTILS_INPUTSTREAM_OOD && + cptr != PARSERUTILS_INPUTSTREAM_EOF); + if (strncmp((char *)cptr, "-->", SLEN("-->")) == 0) { tokeniser->escape_flag = false; } |
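Review bot: The added `assert(cptr != PARSERUTILS_INPUTSTREAM_OOD && cptr != PARSERUTILS_INPUTSTREAM_EOF)` is compiled out when the library is built with NDEBUG, so in a release build a sentinel returned by parserutils_inputstream_peek() would still be cast and read by the `strncmp` that follows. Because the bytes being tokenised come from document input, the guard is safer as a runtime condition, for example `if (cptr != PARSERUTILS_INPUTSTREAM_OOD && cptr != PARSERUTILS_INPUTSTREAM_EOF && strncmp((char *)cptr, "<!--", SLEN("<!--")) == 0) {`, with the assert kept only as a debugging aid. The same applies to the assert before the `-->` comparison in the second hunk. hubbub_tokeniser_handle_data starts and ends outside both hunks, so whether a sentinel can actually be returned at these offsets cannot be confirmed from the lines shown.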
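Review bot: The peek before the `-->` comparison in the second hunk still passes `&len`, the pattern the first hunk replaces with a scratch variable. If `len` is read later in this branch (the rest of it is outside the hunk), it would hold the length reported for offset `pending - 2` rather than the length of the current character, which is the trampling the commit message describes. I would declare a local `size_t ignore;` in this branch too and pass `&ignore` to parserutils_inputstream_peek().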