Mitigate out-of-bounds access in InlineIterator
authorinferno@chromium.org <inferno@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 9 Jan 2013 19:08:58 +0000 (19:08 +0000)
committerinferno@chromium.org <inferno@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 9 Jan 2013 19:08:58 +0000 (19:08 +0000)
commit2b73fe293074fac28a0da67ede7778d551dda711
tree81367f03163c328e22d5b73d3fed20ffba467162
parent1d686571a4070478995b16a3bb526604bb588e56
Mitigate out-of-bounds access in InlineIterator
https://bugs.webkit.org/show_bug.cgi?id=104812

Reviewed by Levi Weintraub.

Share code between InlineIterator::current and InlineIterator::previousInSameNode,
thereby checking for access outside text renderer's length.

* rendering/InlineIterator.h:
(InlineIterator):
(WebCore::InlineIterator::characterAt):
(WebCore):
(WebCore::InlineIterator::current):
(WebCore::InlineIterator::previousInSameNode):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@139213 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/WebCore/ChangeLog
Source/WebCore/rendering/InlineIterator.h