diff options
Diffstat (limited to 'WebCore/css/CSSParser.cpp')
| -rw-r--r-- | WebCore/css/CSSParser.cpp | 45 |
1 files changed, 36 insertions, 9 deletions
diff --git a/WebCore/css/CSSParser.cpp b/WebCore/css/CSSParser.cpp index 57c42d3..087018b 100644 --- a/WebCore/css/CSSParser.cpp +++ b/WebCore/css/CSSParser.cpp @@ -3717,7 +3717,8 @@ bool CSSParser::parseFontFaceUnicodeRange() if (failed) break; } - values->append(CSSUnicodeRangeValue::create(from, to)); + if (from <= to) + values->append(CSSUnicodeRangeValue::create(from, to)); m_valueList->next(); } if (failed || !values->length()) @@ -3731,7 +3732,7 @@ static inline bool isCSSWhitespace(UChar c) return c == ' ' || c == '\t' || c == '\r' || c == '\n' || c == '\f'; } -static inline bool parseInt(const UChar*& string, const UChar* end, UChar terminator, int& value) +static inline bool parseColorInt(const UChar*& string, const UChar* end, UChar terminator, int& value) { const UChar* current = string; int localValue = 0; @@ -3744,8 +3745,17 @@ static inline bool parseInt(const UChar*& string, const UChar* end, UChar termin } if (current == end || !isASCIIDigit(*current)) return false; - while (current != end && isASCIIDigit(*current)) - localValue = localValue * 10 + *current++ - '0'; + while (current != end && isASCIIDigit(*current)) { + int newValue = localValue * 10 + *current++ - '0'; + if (newValue >= 255) { + // Clamp values at 255. + localValue = 255; + while (current != end && isASCIIDigit(*current)) + ++current; + break; + } + localValue = newValue; + } while (current != end && isCSSWhitespace(*current)) current++; if (current == end || *current++ != terminator) @@ -3768,11 +3778,11 @@ bool CSSParser::parseColor(const String &name, RGBA32& rgb, bool strict) int red; int green; int blue; - if (!parseInt(current, end, ',', red)) + if (!parseColorInt(current, end, ',', red)) return false; - if (!parseInt(current, end, ',', green)) + if (!parseColorInt(current, end, ',', green)) return false; - if (!parseInt(current, end, ')', blue)) + if (!parseColorInt(current, end, ')', blue)) return false; if (current != end) return false; @@ -3789,6 +3799,23 @@ bool CSSParser::parseColor(const String &name, RGBA32& rgb, bool strict) return false; } +static inline int colorIntFromValue(CSSParserValue* v) +{ + if (v->fValue <= 0.0) + return 0; + + if (v->unit == CSSPrimitiveValue::CSS_PERCENTAGE) { + if (v->fValue >= 100.0) + return 255; + return static_cast<int>(v->fValue * 256.0 / 100.0); + } + + if (v->fValue >= 255.0) + return 255; + + return static_cast<int>(v->fValue); +} + bool CSSParser::parseColorParameters(CSSParserValue* value, int* colorArray, bool parseAlpha) { CSSParserValueList* args = value->function->args; @@ -3801,7 +3828,7 @@ bool CSSParser::parseColorParameters(CSSParserValue* value, int* colorArray, boo unitType = FPercent; else return false; - colorArray[0] = static_cast<int>(v->fValue * (v->unit == CSSPrimitiveValue::CSS_PERCENTAGE ? 256.0 / 100.0 : 1.0)); + colorArray[0] = colorIntFromValue(v); for (int i = 1; i < 3; i++) { v = args->next(); if (v->unit != CSSParserValue::Operator && v->iValue != ',') @@ -3809,7 +3836,7 @@ bool CSSParser::parseColorParameters(CSSParserValue* value, int* colorArray, boo v = args->next(); if (!validUnit(v, unitType, true)) return false; - colorArray[i] = static_cast<int>(v->fValue * (v->unit == CSSPrimitiveValue::CSS_PERCENTAGE ? 256.0 / 100.0 : 1.0)); + colorArray[i] = colorIntFromValue(v); } if (parseAlpha) { v = args->next(); |