[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.1.15-1-40151-g37bb677

hyatt hyatt at 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Sat Sep 26 08:13:17 UTC 2009 

The following commit has been merged in the debian/unstable branch:
commit 0d752a462c56483f8a6b55e43501fc2a5161a8df
Author: hyatt <hyatt at 268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Tue Nov 18 02:38:02 2003 +0000

    	Fix for 3472998, stop a crash on an insanely malformed page.  I had to change the concept of
    	"inStrayTableContent" to be a counter, since you could be nested and need to push/pop, and
    	then I also had to stop from mistakenly popping when I didn't need to.
    
            Reviewed by rjw
    
            * khtml/html/htmlparser.cpp:
            (KHTMLParser::reset):
            (KHTMLParser::insertNode):
            (KHTMLParser::reopenResidualStyleTags):
            (KHTMLParser::popBlock):
            (KHTMLParser::popOneBlock):
            * khtml/html/htmlparser.h:
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@5560 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/WebCore/ChangeLog-2005-08-23 b/WebCore/ChangeLog-2005-08-23
index a011a23..4294161 100644
--- a/WebCore/ChangeLog-2005-08-23
+++ b/WebCore/ChangeLog-2005-08-23
@@ -1,3 +1,19 @@
+2003-11-17  David Hyatt  <hyatt at apple.com>
+
+	Fix for 3472998, stop a crash on an insanely malformed page.  I had to change the concept of 
+	"inStrayTableContent" to be a counter, since you could be nested and need to push/pop, and
+	then I also had to stop from mistakenly popping when I didn't need to.
+	
+        Reviewed by rjw
+
+        * khtml/html/htmlparser.cpp:
+        (KHTMLParser::reset):
+        (KHTMLParser::insertNode):
+        (KHTMLParser::reopenResidualStyleTags):
+        (KHTMLParser::popBlock):
+        (KHTMLParser::popOneBlock):
+        * khtml/html/htmlparser.h:
+
 2003-11-17  Darin Adler  <darin at apple.com>
 
         Reviewed by Ken.
diff --git a/WebCore/khtml/html/htmlparser.cpp b/WebCore/khtml/html/htmlparser.cpp
index 5a0a4f5..24c6e64 100644
--- a/WebCore/khtml/html/htmlparser.cpp
+++ b/WebCore/khtml/html/htmlparser.cpp
@@ -174,7 +174,7 @@ void KHTMLParser::reset()
     haveFrameSet = false;
     haveContent = false;
     inSelect = false;
-    inStrayTableContent = false;
+    inStrayTableContent = 0;
     
     form = 0;
     map = 0;
@@ -356,11 +356,10 @@ bool KHTMLParser::insertNode(NodeImpl *n, bool flat)
         case ID_TR:
         case ID_TH:
         case ID_TD:
-            if (inStrayTableContent) {
+            if (inStrayTableContent && !isTableRelatedTag(current->id())) {
                 // pop out to the nearest enclosing table-related tag.
                 while (!isTableRelatedTag(current->id()))
                     popOneBlock();
-                inStrayTableContent = false;
                 return insertNode(n);
             }
             break;
@@ -631,7 +630,7 @@ bool KHTMLParser::insertNode(NodeImpl *n, bool flat)
                     {
                         pushBlock(id, tagPriority[id]);
                         setCurrent(n);
-                        inStrayTableContent = true;
+                        inStrayTableContent++;
                         blockStack->strayTableContent = true;
                     }
                     return true;
@@ -1399,9 +1398,9 @@ void KHTMLParser::reopenResidualStyleTags(HTMLStackElem* elem, DOM::NodeImpl* ma
 
         // Set our strayTableContent boolean if needed, so that the reopened tag also knows
         // that it is inside a malformed table.
-        blockStack->strayTableContent = !inStrayTableContent && malformedTableParent;
+        blockStack->strayTableContent = malformedTableParent != 0;
         if (blockStack->strayTableContent)
-            inStrayTableContent = true;
+            inStrayTableContent++;
 
         // Clear our malformed table parent variable.
         malformedTableParent = 0;
@@ -1468,7 +1467,7 @@ void KHTMLParser::popBlock( int _id )
     {
         if (Elem->id == _id)
         {
-            bool strayTable = inStrayTableContent;
+            int strayTable = inStrayTableContent;
             popOneBlock();
             Elem = 0;
 
@@ -1476,7 +1475,7 @@ void KHTMLParser::popBlock( int _id )
             // explicit <tbody> or <tr>.
             // If we end up needing to reopen residual style tags, the root of the reopened chain
             // must also know that it is the root of malformed content inside a <tbody>/<tr>.
-            if (strayTable && !inStrayTableContent && residualStyleStack) {
+            if (strayTable && (inStrayTableContent < strayTable) && residualStyleStack) {
                 NodeImpl* curr = current;
                 while (curr && curr->id() != ID_TABLE)
                     curr = curr->parentNode();
@@ -1546,7 +1545,7 @@ void KHTMLParser::popOneBlock(bool delBlock)
     setCurrent(Elem->node);
 
     if (Elem->strayTableContent)
-        inStrayTableContent = false;
+        inStrayTableContent--;
 
     if (delBlock)
         delete Elem;
diff --git a/WebCore/khtml/html/htmlparser.h b/WebCore/khtml/html/htmlparser.h
index 0efc703..40ae3e4 100644
--- a/WebCore/khtml/html/htmlparser.h
+++ b/WebCore/khtml/html/htmlparser.h
@@ -176,7 +176,7 @@ protected:
     int discard_until;
 
     bool headLoaded;
-    bool inStrayTableContent;
+    int inStrayTableContent;
     
 #if SPEED_DEBUG > 0
     QTime qt;

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list