diff options
| -rw-r--r-- | WebCore/html/HTMLTokenizer.cpp | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/WebCore/html/HTMLTokenizer.cpp b/WebCore/html/HTMLTokenizer.cpp index b01d4e4..a3bd787 100644 --- a/WebCore/html/HTMLTokenizer.cpp +++ b/WebCore/html/HTMLTokenizer.cpp @@ -879,7 +879,9 @@ HTMLTokenizer::State HTMLTokenizer::parseEntity(SegmentedString& src, UChar*& de } } else { // FIXME: We should eventually colorize entities by sending them as a special token. - checkBuffer(11); + // 12 bytes required: up to 10 bytes in m_cBuffer plus the + // leading '&' and trailing ';' + checkBuffer(12); *dest++ = '&'; for (unsigned i = 0; i < cBufferPos; i++) dest[i] = m_cBuffer[i]; @@ -890,7 +892,9 @@ HTMLTokenizer::State HTMLTokenizer::parseEntity(SegmentedString& src, UChar*& de } } } else { - checkBuffer(10); + // 11 bytes required: up to 10 bytes in m_cBuffer plus the + // leading '&' + checkBuffer(11); // ignore the sequence, add it to the buffer as plaintext *dest++ = '&'; for (unsigned i = 0; i < cBufferPos; i++) |