WebCore:
authorandersca <andersca@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 9 May 2006 08:19:44 +0000 (08:19 +0000)
committerandersca <andersca@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 9 May 2006 08:19:44 +0000 (08:19 +0000)
2006-05-09  Anders Carlsson  <acarlsson@apple.com>

        Reviewed by Maciej.

        http://bugzilla.opendarwin.org/show_bug.cgi?id=8803
        XPath query for empty attributes crashes in XPath::StringExpression::StringExpression

        * xpath/impl/XPathParser.cpp:
        (WebCore::XPath::Parser::lexString):
        Make sure an empty string is returned instead of a null string.

        (WebCore::XPath::Parser::lex):
        Only assign the string if it isn't null.

LayoutTests:

2006-05-09  Anders Carlsson  <acarlsson@apple.com>

        Reviewed by Maciej.

        http://bugzilla.opendarwin.org/show_bug.cgi?id=8803
        XPath query for empty attributes crashes in XPath::StringExpression::StringExpression

        * xpath/impl/XPathParser.cpp:
        (WebCore::XPath::Parser::lexString):
        Make sure an empty string is returned instead of a null string.

        (WebCore::XPath::Parser::lex):
        Only assign the string if it isn't null.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@14254 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/fast/dom/xpath-empty-string-expected.txt [new file with mode: 0644]
LayoutTests/fast/dom/xpath-empty-string.html [new file with mode: 0644]
WebCore/ChangeLog
WebCore/xpath/impl/XPathParser.cpp

index 04b17dfd3af1a634e0a4c85daaa00a94d01db17d..37952fd14994bb0e18ead73bec3fd13de3c1c103 100644 (file)
@@ -1,3 +1,13 @@
+2006-05-09  Anders Carlsson  <acarlsson@apple.com>
+
+        Reviewed by Maciej.
+
+        Add test for http://bugzilla.opendarwin.org/show_bug.cgi?id=8803
+        XPath query for empty attributes crashes in XPath::StringExpression::StringExpression
+        
+        * fast/dom/xpath-empty-string-expected.txt: Added.
+        * fast/dom/xpath-empty-string.html: Added.
+
 2006-05-08  Levi Weintraub  <lweintraub@apple.com>
 
         Reviewed by justin.
diff --git a/LayoutTests/fast/dom/xpath-empty-string-expected.txt b/LayoutTests/fast/dom/xpath-empty-string-expected.txt
new file mode 100644 (file)
index 0000000..0384868
--- /dev/null
@@ -0,0 +1,2 @@
+This tests that parsing an XPath expression that contains an empty string literal doesn't segfault.
+SUCCESS: Didn't crash!
diff --git a/LayoutTests/fast/dom/xpath-empty-string.html b/LayoutTests/fast/dom/xpath-empty-string.html
new file mode 100644 (file)
index 0000000..06a6519
--- /dev/null
@@ -0,0 +1,17 @@
+<html>
+<head>
+    <script>
+        function runTests() {
+            if (window.layoutTestController)
+                layoutTestController.dumpAsText();
+                
+            document.evaluate("//a[@id='']",document)
+        }
+    </script>
+</head>
+<body onload="runTests()">
+    This tests that parsing an XPath expression that contains an empty string literal doesn't segfault.<br>
+    SUCCESS: Didn't crash!
+    
+</body>
+</html>
\ No newline at end of file
index ff71e4b34cc0c76e124f38acfe910fb2bc6f8a4e..12f98eaf722e1976044bea8926ff65c3ac3bbe8d 100644 (file)
@@ -1,3 +1,17 @@
+2006-05-09  Anders Carlsson  <acarlsson@apple.com>
+
+        Reviewed by Maciej.
+
+        http://bugzilla.opendarwin.org/show_bug.cgi?id=8803
+        XPath query for empty attributes crashes in XPath::StringExpression::StringExpression
+        
+        * xpath/impl/XPathParser.cpp:
+        (WebCore::XPath::Parser::lexString):
+        Make sure an empty string is returned instead of a null string.
+        
+        (WebCore::XPath::Parser::lex):
+        Only assign the string if it isn't null.
+
 2006-05-09  Alexey Proskuryakov  <ap@nypop.com>
 
         Reviewed by Darin.
index 9903b942f53080ce4a3f8ed8ec6ffe8e0a7c4526..dd3ed82f16e5b22fffcae28c1e0e33338cec0e9a 100644 (file)
@@ -195,6 +195,9 @@ Token Parser::lexString()
     for (m_nextPos = startPos; m_nextPos < m_data.length(); ++m_nextPos) {
         if (m_data[m_nextPos] == delimiter) {
             String value = m_data.deprecatedString().mid(startPos, m_nextPos - startPos);
+            if (value.isNull())
+                value = "";
+                
             ++m_nextPos; //Consume the char;
             return Token(LITERAL, value);
         }
@@ -420,7 +423,7 @@ int Parser::lex(void* data)
     YYSTYPE* yylval = static_cast<YYSTYPE*>(data);
     Token tok = nextToken();
  
-    if (!tok.value.isEmpty()) {
+    if (!tok.value.isNull()) {
         yylval->str = new String(tok.value);
         registerString(yylval->str);
     } else if (tok.intValue)