From 07bbdaebba70e125e0aa6a276a10531c47649a17 Mon Sep 17 00:00:00 2001
From: John Mark Bell
Date: Sat, 10 Jan 2009 00:52:51 +0000
Subject: Fix buffer overflows. Remind me to refactor this code -- it's ugly.
svn path=/trunk/libcss/; revision=6012
---
 src/parse/properties.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
(limited to 'src')
diff --git a/src/parse/properties.c b/src/parse/properties.c
index f6f18a0..317062a 100644
--- a/src/parse/properties.c
+++ b/src/parse/properties.c
@@ -2738,7 +2738,7 @@ css_error parse_font_family(css_language *c,
 /* Skip past [ IDENT* S* ]* */
 while (token != NULL) {
 token = parserutils_vector_peek(
- vector, temp_ctx);
+ vector, *ctx);
 if (token != NULL && token->type != CSS_TOKEN_IDENT &&
@@ -2757,8 +2757,10 @@ css_error parse_font_family(css_language *c,
 ptr += sizeof(opv);
 }
- memcpy(ptr, &name, sizeof(name));
- ptr += sizeof(name);
+ if (opv == FONT_FAMILY_IDENT_LIST) {
+ memcpy(ptr, &name, sizeof(name));
+ ptr += sizeof(name);
+ }
 } else if (token->type == CSS_TOKEN_STRING) {
 opv = FONT_FAMILY_STRING;
@@ -2776,7 +2778,7 @@ css_error parse_font_family(css_language *c,
 consumeWhitespace(vector, ctx);
- token = parserutils_vector_peek(vector, temp_ctx);
+ token = parserutils_vector_peek(vector, *ctx);
 if (token != NULL && tokenIsChar(token, ',')) {
 parserutils_vector_iterate(vector, ctx);
--
cgit v1.2.3
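Review bot: Nothing at the two corrected peek calls records why they must read through `*ctx`: hunk 1 (inside the `Skip past [ IDENT* S* ]*` loop) and hunk 3 (after `consumeWhitespace(vector, ctx)`) both replace `temp_ctx`, and the mistake is easy to reintroduce when this code is refactored. `temp_ctx` presumably belongs to an earlier sizing pass that is not visible here, so peeking through it while iterating with `ctx` would let the two cursors diverge and the writes run past what was sized. I would add a comment above the first peek such as `/* Emit pass: peek via *ctx only; temp_ctx is stale here */`. The loop body and the rest of parse_font_family lie outside both hunks.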
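Review bot: The `memcpy(ptr, &name, sizeof(name))` inside the new `if (opv == FONT_FAMILY_IDENT_LIST)` guard still writes with no check against the end of the destination buffer, and the same goes for the `ptr += sizeof(opv)` path just above it. Safety depends on this pass emitting exactly the bytes that the size calculation counted, which is not visible in the hunk and is the invariant this commit had to repair. A debug assertion before each write, e.g. `assert((size_t)(ptr - BUF_START) + sizeof(name) <= BUF_SIZE);` with `BUF_START` and `BUF_SIZE` as placeholders for the function's actual allocation, would turn a future mismatch into an immediate failure instead of memory corruption. The enclosing branch starts before the hunk and the `CSS_TOKEN_STRING` branch continues after it.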