2011-06-16 Jeffrey Pfau <jpfau@apple.com>
author commit-queue <commit-queue@webkit.org>
Fri, 17 Jun 2011 05:54:14 +0000 (05:54 +0000)
committer Ademar de Souza Reis Jr <ademar.reis@openbossa.org>
Tue, 21 Jun 2011 17:09:41 +0000 (14:09 -0300)
commit 4485d367603424b4060187f89b499b0e48903fa5
tree ff87c3b29d643af2ba3d82bc56ee17cc5e1eb10d
parent 55c2361f5ddec83499e05059f1f945c823ef2bd5
2011-06-16  Jeffrey Pfau  <jpfau@apple.com>

        Reviewed by Alexey Proskuryakov.

        Using null bytes when setting innerHTML in XHTML results in assertion and a crash due to null-pointer dereference
        https://bugs.webkit.org/show_bug.cgi?id=61053

        Added test cases covering two cases of using innerHTML with null bytes in XHTML.

        * fast/parser/xhtml-innerhtml-null-byte-expected.txt: Added.
        * fast/parser/xhtml-innerhtml-null-byte-first-expected.txt: Added.
        * fast/parser/xhtml-innerhtml-null-byte-first.xhtml: Added.
        * fast/parser/xhtml-innerhtml-null-byte.xhtml: Added.

2011-06-16  Jeffrey Pfau  <jpfau@apple.com>

        Reviewed by Alexey Proskuryakov.

        Using null bytes when setting innerHTML in XHTML results in assertion and a crash due to null-pointer dereference
        https://bugs.webkit.org/show_bug.cgi?id=61053

        XML parsing in-memory XML chunks now passes around a string object instead of a C string, ensuring null characters are properly handled.

        Tests: fast/parser/xhtml-innerhtml-null-byte-first.xhtml
               fast/parser/xhtml-innerhtml-null-byte.xhtml

        * dom/XMLDocumentParser.h:
        * dom/XMLDocumentParserLibxml2.cpp:
        (WebCore::XMLParserContext::createMemoryParser):
        (WebCore::XMLDocumentParser::initializeParserContext):
        (WebCore::XMLDocumentParser::appendFragmentSource):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@89118 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/fast/parser/xhtml-innerhtml-null-byte-expected.txt [new file with mode: 0644]
LayoutTests/fast/parser/xhtml-innerhtml-null-byte-first-expected.txt [new file with mode: 0644]
LayoutTests/fast/parser/xhtml-innerhtml-null-byte-first.xhtml [new file with mode: 0644]
LayoutTests/fast/parser/xhtml-innerhtml-null-byte.xhtml [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/dom/XMLDocumentParser.h
Source/WebCore/dom/XMLDocumentParserLibxml2.cpp
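
The commit message describes replacing a C string with a string object so that null characters in an in-memory XML chunk are handled. The following is an added illustration of that bug class, not code from this commit or from WebKit: `ChunkView`, `chunkFromCString`, `chunkFromString` and `firstNulOffset` are hypothetical names, and the two sample chunks are constructed to mirror the two test cases (null byte in the middle, null byte first).

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <string>

// Hypothetical view handed to a parser: buffer plus explicit length.
struct ChunkView {
    const char* data;
    std::size_t length;
};

// C-string interface: the length has to be rediscovered with strlen(),
// so everything after the first NUL is silently lost.
ChunkView chunkFromCString(const char* chunk) {
    return {chunk, std::strlen(chunk)};
}

// String-object interface: the length travels with the data, so the
// consumer sees the whole chunk, embedded NULs included.
ChunkView chunkFromString(const std::string& chunk) {
    return {chunk.data(), chunk.size()};
}

// With the true length available, the consumer can locate an embedded NUL
// and handle it deliberately (reject, replace, report). Returns -1 if none.
std::ptrdiff_t firstNulOffset(ChunkView v) {
    const void* p = std::memchr(v.data, '\0', v.length);
    return p ? static_cast<const char*>(p) - v.data : -1;
}

int main() {
    // Constructed sample inputs (not the contents of the layout tests).
    const std::string middle("<p>a\0b</p>", 10); // NUL inside the markup
    const std::string first("\0<p/>", 5);        // NUL as the first byte

    for (const std::string* s : {&middle, &first}) {
        ChunkView c = chunkFromCString(s->c_str());
        ChunkView o = chunkFromString(*s);
        std::printf("C string sees %zu bytes, string object sees %zu, "
                    "first NUL at %td\n",
                    c.length, o.length, firstNulOffset(o));
    }
    return 0;
}
```

In the null-byte-first case the C-string path yields a zero-length chunk, which is the kind of input a consumer that assumes non-empty content is least prepared for.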