From 239915200225fea4c5a02e9630044ef13fccb66d Mon Sep 17 00:00:00 2001 From: npm Date: Mon, 28 Nov 2016 12:49:29 -0800 Subject: Fix crash in CFDE_CSSSyntaxParser when parsing empty url When parsing "url('')", Subtract() should be called to correctly set m_iDatLen. But iLength will be 0 because there is no url. So I changed the ASSERT. Also replaced some non-const refs with pointers to make the code more readable. BUG=659509 Review-Url: https://codereview.chromium.org/2535663003 --- xfa/fde/css/fde_cssdatatable.cpp | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) (limited to 'xfa/fde/css/fde_cssdatatable.cpp') diff --git a/xfa/fde/css/fde_cssdatatable.cpp b/xfa/fde/css/fde_cssdatatable.cpp index d2f81833e3..2f4841429d 100644 --- a/xfa/fde/css/fde_cssdatatable.cpp +++ b/xfa/fde/css/fde_cssdatatable.cpp @@ -698,31 +698,31 @@ bool FDE_ParseCSSNumber(const FX_WCHAR* pszValue, bool FDE_ParseCSSString(const FX_WCHAR* pszValue, int32_t iValueLen, - int32_t& iOffset, - int32_t& iLength) { + int32_t* iOffset, + int32_t* iLength) { ASSERT(pszValue && iValueLen > 0); - iOffset = 0; - iLength = iValueLen; + *iOffset = 0; + *iLength = iValueLen; if (iValueLen >= 2) { FX_WCHAR first = pszValue[0], last = pszValue[iValueLen - 1]; if ((first == '\"' && last == '\"') || (first == '\'' && last == '\'')) { - iOffset = 1, iLength -= 2; + *iOffset = 1; + *iLength -= 2; } } return iValueLen > 0; } bool FDE_ParseCSSURI(const FX_WCHAR* pszValue, - int32_t iValueLen, - int32_t& iOffset, - int32_t& iLength) { - ASSERT(pszValue && iValueLen > 0); - if (iValueLen < 6 || pszValue[iValueLen - 1] != ')' || + int32_t* iOffset, + int32_t* iLength) { + ASSERT(pszValue && *iLength > 0); + if (*iLength < 6 || pszValue[*iLength - 1] != ')' || FXSYS_wcsnicmp(L"url(", pszValue, 4)) { return false; } - if (FDE_ParseCSSString(pszValue + 4, iValueLen - 5, iOffset, iLength)) { - iOffset += 4; + if (FDE_ParseCSSString(pszValue + 4, *iLength - 5, iOffset, iLength)) { + *iOffset += 4; return true; } return false; -- cgit v1.2.3