authorJohn Mark Bell <jmb@netsurf-browser.org>2009-01-10 00:52:51 +0000
committerJohn Mark Bell <jmb@netsurf-browser.org>2009-01-10 00:52:51 +0000
commit07bbdaebba70e125e0aa6a276a10531c47649a17 (patch)
tree0e2a3b784d7d13b573f1240b84936ecb9565e18a
parent307b30e64529f299e94cf4cf61a0dab94223208e (diff)
Fix buffer overflows. Remind me to refactor this code -- it's ugly.
svn path=/trunk/libcss/; revision=6012
-rw-r--r--src/parse/properties.c10
1 files changed, 6 insertions, 4 deletions
diff --git a/src/parse/properties.c b/src/parse/properties.c
index f6f18a0..317062a 100644
--- a/src/parse/properties.c
+++ b/src/parse/properties.c
@@ -2738,7 +2738,7 @@ css_error parse_font_family(css_language *c,
/* Skip past [ IDENT* S* ]* */
while (token != NULL) {
token = parserutils_vector_peek(
- vector, temp_ctx);
+ vector, *ctx);
if (token != NULL &&
token->type !=
CSS_TOKEN_IDENT &&
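Review bot: Nothing in the new code says which cursor this `while (token != NULL)` loop is meant to walk, so the `temp_ctx` / `*ctx` mix-up corrected here and again in the third hunk (`token = parserutils_vector_peek(vector, *ctx);`) can come back on the next edit. Presumably `temp_ctx` belongs to an earlier look-ahead or sizing pass and `*ctx` to the pass that emits bytes, though that is not visible in these hunks. Peeking through the wrong cursor would make this loop's decisions disagree with the tokens actually consumed, which is consistent with the overflow the commit title describes. I would add a comment above the loop such as `/* Emit pass: peek and iterate via ctx only; temp_ctx is not valid here */`, or narrow `temp_ctx`'s scope so it is not visible in this pass at all. The loop condition and body continue outside the hunk.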
@@ -2757,8 +2757,10 @@ css_error parse_font_family(css_language *c,
ptr += sizeof(opv);
}
- memcpy(ptr, &name, sizeof(name));
- ptr += sizeof(name);
+ if (opv == FONT_FAMILY_IDENT_LIST) {
+ memcpy(ptr, &name, sizeof(name));
+ ptr += sizeof(name);
+ }
} else if (token->type == CSS_TOKEN_STRING) {
opv = FONT_FAMILY_STRING;
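Review bot: The write through `ptr` is still not checked against the end of the destination buffer. The new `if (opv == FONT_FAMILY_IDENT_LIST)` guard only brings the emitted bytes back in line with what the sizing code (not visible in this hunk) presumably counted. If the two conditions drift apart again, the `memcpy(ptr, &name, sizeof(name))` overruns silently. I would state the invariant on the guard, e.g. `/* name is stored only for IDENT_LIST; the size calculation must use the same condition */`, and add a debug assertion after the emit pass that `ptr` has advanced by exactly the computed length. The enclosing branch starts and ends outside the hunk.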
@@ -2776,7 +2778,7 @@ css_error parse_font_family(css_language *c,
consumeWhitespace(vector, ctx);
- token = parserutils_vector_peek(vector, temp_ctx);
+ token = parserutils_vector_peek(vector, *ctx);
if (token != NULL && tokenIsChar(token, ',')) {
parserutils_vector_iterate(vector, ctx);