2011-06-16 Jeffrey Pfau <jpfau@apple.com>
author commit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 17 Jun 2011 05:54:14 +0000 (05:54 +0000)
committer commit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 17 Jun 2011 05:54:14 +0000 (05:54 +0000)
commit b595ff830a9408bc0586955de3a44211dfe89bbd
tree 7c6e6b762c1dd2e2b0386dd5748064a43ab557fc
parent 3de61108c8521de4a7e1f1f80c6c99ebdf52a4d5
2011-06-16  Jeffrey Pfau  <jpfau@apple.com>

        Reviewed by Alexey Proskuryakov.

        Using null bytes when setting innerHTML in XHTML results in assertion and a crash due to null-pointer dereference
        https://bugs.webkit.org/show_bug.cgi?id=61053

        Added test cases covering two cases of using innerHTML with null bytes in XHTML.

        * fast/parser/xhtml-innerhtml-null-byte-expected.txt: Added.
        * fast/parser/xhtml-innerhtml-null-byte-first-expected.txt: Added.
        * fast/parser/xhtml-innerhtml-null-byte-first.xhtml: Added.
        * fast/parser/xhtml-innerhtml-null-byte.xhtml: Added.

2011-06-16  Jeffrey Pfau  <jpfau@apple.com>

        Reviewed by Alexey Proskuryakov.

        Using null bytes when setting innerHTML in XHTML results in assertion and a crash due to null-pointer dereference
        https://bugs.webkit.org/show_bug.cgi?id=61053

        XML parsing in-memory XML chunks now passes around a string object instead of a C string, ensuring null characters are properly handled.

        Tests: fast/parser/xhtml-innerhtml-null-byte-first.xhtml
               fast/parser/xhtml-innerhtml-null-byte.xhtml

        * dom/XMLDocumentParser.h:
        * dom/XMLDocumentParserLibxml2.cpp:
        (WebCore::XMLParserContext::createMemoryParser):
        (WebCore::XMLDocumentParser::initializeParserContext):
        (WebCore::XMLDocumentParser::appendFragmentSource):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@89118 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/fast/parser/xhtml-innerhtml-null-byte-expected.txt [new file with mode: 0644]
LayoutTests/fast/parser/xhtml-innerhtml-null-byte-first-expected.txt [new file with mode: 0644]
LayoutTests/fast/parser/xhtml-innerhtml-null-byte-first.xhtml [new file with mode: 0644]
LayoutTests/fast/parser/xhtml-innerhtml-null-byte.xhtml [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/dom/XMLDocumentParser.h
Source/WebCore/dom/XMLDocumentParserLibxml2.cpp