summaryrefslogtreecommitdiffstats
path: root/WebCore
diff options
context:
space:
mode:
Diffstat (limited to 'WebCore')
-rw-r--r--WebCore/html/HTMLTokenizer.cpp8
1 files changed, 6 insertions, 2 deletions
diff --git a/WebCore/html/HTMLTokenizer.cpp b/WebCore/html/HTMLTokenizer.cpp
index b01d4e4..a3bd787 100644
--- a/WebCore/html/HTMLTokenizer.cpp
+++ b/WebCore/html/HTMLTokenizer.cpp
@@ -879,7 +879,9 @@ HTMLTokenizer::State HTMLTokenizer::parseEntity(SegmentedString& src, UChar*& de
}
} else {
// FIXME: We should eventually colorize entities by sending them as a special token.
- checkBuffer(11);
+ // 12 bytes required: up to 10 bytes in m_cBuffer plus the
+ // leading '&' and trailing ';'
+ checkBuffer(12);
*dest++ = '&';
for (unsigned i = 0; i < cBufferPos; i++)
dest[i] = m_cBuffer[i];
@@ -890,7 +892,9 @@ HTMLTokenizer::State HTMLTokenizer::parseEntity(SegmentedString& src, UChar*& de
}
}
} else {
- checkBuffer(10);
+ // 11 bytes required: up to 10 bytes in m_cBuffer plus the
+ // leading '&'
+ checkBuffer(11);
// ignore the sequence, add it to the buffer as plaintext
*dest++ = '&';
for (unsigned i = 0; i < cBufferPos; i++)
generated by cgit v1.1 at 2025-05-19 14:43:17 +0000