Title: [146805] trunk
Revision: 146805
Author: e...@webkit.org
Date: 2013-03-25 13:16:30 -0700 (Mon, 25 Mar 2013)

Log Message

Incorrect parsing due to hash collision
https://bugs.webkit.org/show_bug.cgi?id=113235

Reviewed by Adam Barth.

Source/WebCore:

Test: fast/parser/tag-hash-collision.html

* html/parser/HTMLIdentifier.cpp:
(WebCore::HTMLIdentifier::findIndex):

LayoutTests:

* fast/parser/tag-hash-collision-expected.txt: Added.
* fast/parser/tag-hash-collision.html: Added.

Diff

Modified: trunk/LayoutTests/ChangeLog (146804 => 146805)


--- trunk/LayoutTests/ChangeLog	2013-03-25 20:15:15 UTC (rev 146804)
+++ trunk/LayoutTests/ChangeLog	2013-03-25 20:16:30 UTC (rev 146805)
@@ -1,3 +1,13 @@
+2013-03-25  Eric Seidel  <e...@webkit.org>
+
+        Incorrect parsing due to hash collision
+        https://bugs.webkit.org/show_bug.cgi?id=113235
+
+        Reviewed by Adam Barth.
+
+        * fast/parser/tag-hash-collision-expected.txt: Added.
+        * fast/parser/tag-hash-collision.html: Added.
+
 2013-03-25  Eric Carlson  <eric.carl...@apple.com>
 
         REGRESSION(r146380): media/track/track-user-preferences.html

Added: trunk/LayoutTests/fast/parser/tag-hash-collision-expected.txt (0 => 146805)


--- trunk/LayoutTests/fast/parser/tag-hash-collision-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/fast/parser/tag-hash-collision-expected.txt	2013-03-25 20:16:30 UTC (rev 146805)
@@ -0,0 +1 @@
+PASS

Added: trunk/LayoutTests/fast/parser/tag-hash-collision.html (0 => 146805)


--- trunk/LayoutTests/fast/parser/tag-hash-collision.html	                        (rev 0)
+++ trunk/LayoutTests/fast/parser/tag-hash-collision.html	2013-03-25 20:16:30 UTC (rev 146805)
@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<body>
+<script>
+if (window.testRunner)
+	testRunner.dumpAsText();
+</script>
+<div id="result">
+PASS
+</div>
+<bvvfg style="display: none">
+document.getElementById('result').innerText = 'FAIL';
+</bvvfg>
+</html>
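
Review bot: The test does not say why the element is named `bvvfg`, so the `<bvvfg style="display: none">` line reads as an arbitrary unknown tag to anyone who has not seen the HTMLIdentifier.cpp change. Add an HTML comment above it stating that "bvvfg" hashes to the same value as "script" and that the element's text must stay inert text rather than run as script. It would also help to name the bug number in that comment, since the static PASS in `#result` is the only signal and a future reader needs to know what a FAIL here means.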

Modified: trunk/Source/WebCore/ChangeLog (146804 => 146805)


--- trunk/Source/WebCore/ChangeLog	2013-03-25 20:15:15 UTC (rev 146804)
+++ trunk/Source/WebCore/ChangeLog	2013-03-25 20:16:30 UTC (rev 146805)
@@ -1,3 +1,15 @@
+2013-03-25  Eric Seidel  <e...@webkit.org>
+
+        Incorrect parsing due to hash collision
+        https://bugs.webkit.org/show_bug.cgi?id=113235
+
+        Reviewed by Adam Barth.
+
+        Test: fast/parser/tag-hash-collision.html
+
+        * html/parser/HTMLIdentifier.cpp:
+        (WebCore::HTMLIdentifier::findIndex):
+
 2013-03-25  Adenilson Cavalcanti  <cavalcan...@gmail.com>
 
         Compile without SVG will fail
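
Review bot: The entry under `(WebCore::HTMLIdentifier::findIndex):` has no description, so the ChangeLog records the symptom ("Incorrect parsing due to hash collision") but not the fix. Add a line there saying that findIndex now compares the stored name against the input characters after the hash lookup and returns invalidIndex on a mismatch, and mention the "bvvfg"/"script" pair the test uses.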

Modified: trunk/Source/WebCore/html/parser/HTMLIdentifier.cpp (146804 => 146805)


--- trunk/Source/WebCore/html/parser/HTMLIdentifier.cpp	2013-03-25 20:15:15 UTC (rev 146804)
+++ trunk/Source/WebCore/html/parser/HTMLIdentifier.cpp	2013-03-25 20:16:30 UTC (rev 146805)
@@ -71,6 +71,12 @@
     IdentifierTable::const_iterator it = table.find(hash);
     if (it == table.end())
         return invalidIndex;
+    // It's possible to have hash collisions between arbitrary strings and
+    // known identifiers (e.g. "bvvfg" collides with "script").
+    // However ASSERTs in addNames() guard against there ever being collisions
+    // between known identifiers.
+    if (!equal(it->value.second, characters, length))
+        return invalidIndex;
     return it->value.first;
 }
 
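
Review bot: The new check `equal(it->value.second, characters, length)` compares against the caller's `length`, and nothing in this hunk shows that the stored name's own length is checked as well. Please confirm that `equal()` returns false when `it->value.second` is longer than `length`; if it only compares the first `length` characters, a colliding input that is a prefix of a known identifier would still return `it->value.first`. The comment is otherwise clear, but note that the guarantee it cites for known identifiers comes from ASSERTs in addNames(), so it holds only where those assertions are compiled in and exercised.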
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
