From e86173f4bf6e029af6ea0f1348c6b934a1b488f8 Mon Sep 17 00:00:00 2001 From: John Mark Bell Date: Thu, 29 Apr 2010 21:56:28 +0000 Subject: Really fix hint leaks. Hint data ownership is passed to libcss. Ensure that hint is initialised before asking client to populate it (so as to guard against broken clients) svn path=/trunk/libcss/; revision=10520 --- src/select/properties.c | 171 +++++++++--------------------------------------- src/select/select.c | 3 + 2 files changed, 34 insertions(+), 140 deletions(-) diff --git a/src/select/properties.c b/src/select/properties.c index 4cfe579..29f87f6 100644 --- a/src/select/properties.c +++ b/src/select/properties.c @@ -1586,33 +1586,10 @@ css_error cascade_content(uint32_t opv, css_style *style, css_error set_content_from_hint(const css_hint *hint, css_computed_style *style) { - uint32_t n_items = 0; css_computed_content_item *item; - css_computed_content_item *copy = NULL; - css_error error = CSS_OK; - - if (hint->status == CSS_CONTENT_SET) { - for (item = hint->data.content; item != NULL && - item->type != CSS_COMPUTED_CONTENT_NONE; - item++) - n_items++; - - copy = style->alloc(NULL, (n_items + 1) * - sizeof(css_computed_content_item), - style->pw); - if (copy == NULL) { - error = CSS_NOMEM; - } else { - memcpy(copy, hint->data.content, (n_items + 1) * - sizeof(css_computed_content_item)); - } - } + css_error error; - if (error == CSS_OK) { - error = set_content(style, hint->status, copy); - if (error != CSS_OK && copy != NULL) - style->alloc(copy, 0, style->pw); - } + error = set_content(style, hint->status, hint->data.content); for (item = hint->data.content; item != NULL && item->type != CSS_COMPUTED_CONTENT_NONE; @@ -1639,6 +1616,9 @@ css_error set_content_from_hint(const css_hint *hint, } } + if (error != CSS_OK && hint->data.content != NULL) + style->alloc(hint->data.content, 0, style->pw); + return error; } @@ -1738,32 +1718,10 @@ css_error cascade_counter_increment(uint32_t opv, css_style *style, css_error set_counter_increment_from_hint(const css_hint *hint, css_computed_style *style) { - uint32_t n_items = 0; css_computed_counter *item; - css_computed_counter *copy = NULL; - css_error error = CSS_OK; - - if (hint->status == CSS_COUNTER_INCREMENT_NAMED && - hint->data.counter != NULL) { - for (item = hint->data.counter; item->name != NULL; item++) - n_items++; - - copy = style->alloc(NULL, (n_items + 1) * - sizeof(css_computed_counter), - style->pw); - if (copy == NULL) { - error = CSS_NOMEM; - } else { - memcpy(copy, hint->data.counter, (n_items + 1) * - sizeof(css_computed_counter)); - } - } + css_error error; - if (error == CSS_OK) { - error = set_counter_increment(style, hint->status, copy); - if (error != CSS_OK && copy != NULL) - style->alloc(copy, 0, style->pw); - } + error = set_counter_increment(style, hint->status, hint->data.counter); if (hint->status == CSS_COUNTER_INCREMENT_NAMED && hint->data.counter != NULL) { @@ -1772,6 +1730,9 @@ css_error set_counter_increment_from_hint(const css_hint *hint, } } + if (error != CSS_OK && hint->data.counter != NULL) + style->alloc(hint->data.counter, 0, style->pw); + return error; } @@ -1858,32 +1819,10 @@ css_error cascade_counter_reset(uint32_t opv, css_style *style, css_error set_counter_reset_from_hint(const css_hint *hint, css_computed_style *style) { - uint32_t n_items = 0; css_computed_counter *item; - css_computed_counter *copy = NULL; - css_error error = CSS_OK; - - if (hint->status == CSS_COUNTER_RESET_NAMED && - hint->data.counter != NULL) { - for (item = hint->data.counter; item->name != NULL; item++) - n_items++; - - copy = style->alloc(NULL, (n_items + 1) * - sizeof(css_computed_counter), - style->pw); - if (copy == NULL) { - error = CSS_NOMEM; - } else { - memcpy(copy, hint->data.counter, (n_items + 1) * - sizeof(css_computed_counter)); - } - } + css_error error; - if (error == CSS_OK) { - error = set_counter_increment(style, hint->status, copy); - if (error != CSS_OK && copy != NULL) - style->alloc(copy, 0, style->pw); - } + error = set_counter_reset(style, hint->status, hint->data.counter); if (hint->status == CSS_COUNTER_RESET_NAMED && hint->data.counter != NULL) { @@ -1892,6 +1831,9 @@ css_error set_counter_reset_from_hint(const css_hint *hint, } } + if (error != CSS_OK && hint->data.counter != NULL) + style->alloc(hint->data.counter, 0, style->pw); + return error; } @@ -2175,36 +2117,19 @@ css_error cascade_cursor(uint32_t opv, css_style *style, css_error set_cursor_from_hint(const css_hint *hint, css_computed_style *style) { - uint32_t n_items = 0; lwc_string **item; - lwc_string **copy = NULL; - css_error error = CSS_OK; - - if (hint->data.strings != NULL) { - for (item = hint->data.strings; (*item) != NULL; item++) - n_items++; - - copy = style->alloc(NULL, (n_items + 1) * sizeof(lwc_string *), - style->pw); - if (copy == NULL) { - error = CSS_NOMEM; - } else { - memcpy(copy, hint->data.strings, (n_items + 1) * - sizeof(lwc_string *)); - } - } + css_error error; - if (error == CSS_OK) { - error = set_cursor(style, hint->status, copy); - if (error != CSS_OK && copy != NULL) - style->alloc(copy, 0, style->pw); - } + error = set_cursor(style, hint->status, hint->data.strings); for (item = hint->data.strings; item != NULL && (*item) != NULL; item++) { lwc_string_unref(*item); } + if (error != CSS_OK && hint->data.strings != NULL) + style->alloc(hint->data.strings, 0, style->pw); + return error; } @@ -2729,36 +2654,19 @@ css_error cascade_font_family(uint32_t opv, css_style *style, css_error set_font_family_from_hint(const css_hint *hint, css_computed_style *style) { - uint32_t n_items = 0; lwc_string **item; - lwc_string **copy = NULL; - css_error error = CSS_OK; - - if (hint->data.strings != NULL) { - for (item = hint->data.strings; (*item) != NULL; item++) - n_items++; - - copy = style->alloc(NULL, (n_items + 1) * sizeof(lwc_string *), - style->pw); - if (copy == NULL) { - error = CSS_NOMEM; - } else { - memcpy(copy, hint->data.strings, (n_items + 1) * - sizeof(lwc_string *)); - } - } + css_error error; - if (error == CSS_OK) { - error = set_font_family(style, hint->status, copy); - if (error != CSS_OK && copy != NULL) - style->alloc(copy, 0, style->pw); - } + error = set_font_family(style, hint->status, hint->data.strings); for (item = hint->data.strings; item != NULL && (*item) != NULL; item++) { lwc_string_unref(*item); } + if (error != CSS_OK && hint->data.strings != NULL) + style->alloc(hint->data.strings, 0, style->pw); + return error; } @@ -4772,36 +4680,19 @@ css_error cascade_quotes(uint32_t opv, css_style *style, css_error set_quotes_from_hint(const css_hint *hint, css_computed_style *style) { - uint32_t n_items = 0; lwc_string **item; - lwc_string **copy = NULL; - css_error error = CSS_OK; - - if (hint->data.strings != NULL) { - for (item = hint->data.strings; (*item) != NULL; item++) - n_items++; - - copy = style->alloc(NULL, (n_items + 1) * sizeof(lwc_string *), - style->pw); - if (copy == NULL) { - error = CSS_NOMEM; - } else { - memcpy(copy, hint->data.strings, (n_items + 1) * - sizeof(lwc_string *)); - } - } - - if (error == CSS_OK) { - error = set_quotes(style, hint->status, copy); - if (error != CSS_OK && copy != NULL) - style->alloc(copy, 0, style->pw); - } + css_error error; + + error = set_quotes(style, hint->status, hint->data.strings); for (item = hint->data.strings; item != NULL && (*item) != NULL; item++) { lwc_string_unref(*item); } + if (error != CSS_OK && hint->data.strings != NULL) + style->alloc(hint->data.strings, 0, style->pw); + return error; } diff --git a/src/select/select.c b/src/select/select.c index abf4099..b2820c8 100644 --- a/src/select/select.c +++ b/src/select/select.c @@ -423,6 +423,9 @@ css_error set_hint(css_select_state *state, uint32_t i) css_hint hint; css_error error; + /* Initialise hint */ + memset(&hint, 0, sizeof(css_hint)); + /* Retrieve this property's hint from the client */ error = state->handler->node_presentational_hint(state->pw, state->node, i, &hint); -- cgit v1.2.3