We use cookies to ensure you get the best experience on our website
Home Explore Help
Register Sign In
0ct0pu5
/
ladybird
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

LibWeb: Fix StringView OOB access when parsing 3-character legacy color

Found by Domato.
Andreas Kling 1 year ago
parent
7360f7fbc6
commit
1c00e5688d
3 changed files with 11 additions and 0 deletions
Split View Show Diff Stats
  1. 1 0
      Tests/LibWeb/Text/expected/HTML/short-legacy-color-value.txt
  2. 7 0
      Tests/LibWeb/Text/input/HTML/short-legacy-color-value.html
  3. 3 0
      Userland/Libraries/LibWeb/HTML/Parser/HTMLParser.cpp

+ 1 - 0
Tests/LibWeb/Text/expected/HTML/short-legacy-color-value.txt
View File 

@@ -0,0 +1 @@
 
+  PASS (didn't crash)

+ 7 - 0
Tests/LibWeb/Text/input/HTML/short-legacy-color-value.html
View File 

@@ -0,0 +1,7 @@
 
+<script src="../include.js"></script>
 
+<body bgcolor="foo">
 
+<script>
 
+    test(() => {
 
+        println("PASS (didn't crash)");
 
+    });
 
+</script>

+ 3 - 0
Userland/Libraries/LibWeb/HTML/Parser/HTMLParser.cpp
View File 

@@ -4879,6 +4879,9 @@ Optional<Color> parse_legacy_color_value(StringView string)
 
     }
 
 
     auto to_hex = [&](StringView string) -> u8 {
 
+        if (length == 1) {
 
+            return hex_nibble_to_u8(string[0]);
 
+        }
 
         auto nib1 = hex_nibble_to_u8(string[0]);
 
         auto nib2 = hex_nibble_to_u8(string[1]);
 
         return nib1 << 4 | nib2;

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5