summaryrefslogtreecommitdiff
path: root/src/tokeniser
diff options
context:
space:
mode:
authorJohn Mark Bell <jmb@netsurf-browser.org>2008-08-18 17:26:14 +0000
committerJohn Mark Bell <jmb@netsurf-browser.org>2008-08-18 17:26:14 +0000
commitf39a846715f4c6e9a12ba9a7d3085da59cef1332 (patch)
tree67e40f17aeb2adfa3729cbf81b0a3c066c1f54fc /src/tokeniser
parenta000310dd4fd0d6f8e4fd0f40529e5e8b2318f9e (diff)
downloadlibhubbub-f39a846715f4c6e9a12ba9a7d3085da59cef1332.tar.gz
libhubbub-f39a846715f4c6e9a12ba9a7d3085da59cef1332.tar.bz2
Fix segfault caused by trampling the length of the current character when testing whether the 4 most recently read characters in the data state are <!--.
Add a couple of assertions for paranoia. svn path=/trunk/hubbub/; revision=5146
Diffstat (limited to 'src/tokeniser')
-rw-r--r--src/tokeniser/tokeniser.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/src/tokeniser/tokeniser.c b/src/tokeniser/tokeniser.c
index ece2e20..43b4823 100644
--- a/src/tokeniser/tokeniser.c
+++ b/src/tokeniser/tokeniser.c
@@ -622,11 +622,14 @@ hubbub_error hubbub_tokeniser_handle_data(hubbub_tokeniser *tokeniser)
tokeniser->content_model ==
HUBBUB_CONTENT_MODEL_CDATA) &&
tokeniser->context.pending >= 3) {
-
+ size_t ignore;
cptr = parserutils_inputstream_peek(
tokeniser->input,
tokeniser->context.pending - 3,
- &len);
+ &ignore);
+
+ assert(cptr != PARSERUTILS_INPUTSTREAM_OOD &&
+ cptr != PARSERUTILS_INPUTSTREAM_EOF);
if (strncmp((char *)cptr,
"<!--", SLEN("<!--")) == 0) {
@@ -664,6 +667,9 @@ hubbub_error hubbub_tokeniser_handle_data(hubbub_tokeniser *tokeniser)
tokeniser->context.pending - 2,
&len);
+ assert(cptr != PARSERUTILS_INPUTSTREAM_OOD &&
+ cptr != PARSERUTILS_INPUTSTREAM_EOF);
+
if (strncmp((char *)cptr, "-->", SLEN("-->")) == 0) {
tokeniser->escape_flag = false;
}