From 5aacb053a3fa0cf0e2a825c63dd3a4ebd916eda4 Mon Sep 17 00:00:00 2001
From: Luke Wilde <lukew@serenityos.org>
Date: Thu, 14 Nov 2024 15:37:48 +0000
Subject: [PATCH] LibWeb: Fix OBOE in bounds check of
 ResolvedCSSStyleDeclaration#item

Without this, it would return "(invalid CSS::PropertyID)" when
requesting item(decl.length).
---
 Libraries/LibWeb/CSS/ResolvedCSSStyleDeclaration.cpp      | 2 +-
 ...s-not-return-invalid-propertyid-on-length-boundary.txt | 1 +
 ...-not-return-invalid-propertyid-on-length-boundary.html | 8 ++++++++
 3 files changed, 10 insertions(+), 1 deletion(-)
 create mode 100644 Tests/LibWeb/Text/expected/css/getComputedStyle-item-does-not-return-invalid-propertyid-on-length-boundary.txt
 create mode 100644 Tests/LibWeb/Text/input/css/getComputedStyle-item-does-not-return-invalid-propertyid-on-length-boundary.html

diff --git a/Libraries/LibWeb/CSS/ResolvedCSSStyleDeclaration.cpp b/Libraries/LibWeb/CSS/ResolvedCSSStyleDeclaration.cpp
index e5a81b4eef8..0a47b40702d 100644
--- a/Libraries/LibWeb/CSS/ResolvedCSSStyleDeclaration.cpp
+++ b/Libraries/LibWeb/CSS/ResolvedCSSStyleDeclaration.cpp
@@ -76,7 +76,7 @@ String ResolvedCSSStyleDeclaration::item(size_t index) const
 {
     // The item(index) method must return the property name of the CSS declaration at position index.
     // FIXME: Return custom properties if index > last_longhand_property_id.
-    if (index > length())
+    if (index >= length())
         return {};
     auto property_id = static_cast<PropertyID>(index + to_underlying(first_longhand_property_id));
     return string_from_property_id(property_id).to_string();
diff --git a/Tests/LibWeb/Text/expected/css/getComputedStyle-item-does-not-return-invalid-propertyid-on-length-boundary.txt b/Tests/LibWeb/Text/expected/css/getComputedStyle-item-does-not-return-invalid-propertyid-on-length-boundary.txt
new file mode 100644
index 00000000000..2ef77267c48
--- /dev/null
+++ b/Tests/LibWeb/Text/expected/css/getComputedStyle-item-does-not-return-invalid-propertyid-on-length-boundary.txt
@@ -0,0 +1 @@
+getComputedStyle().item(length) should return empty string: ''
diff --git a/Tests/LibWeb/Text/input/css/getComputedStyle-item-does-not-return-invalid-propertyid-on-length-boundary.html b/Tests/LibWeb/Text/input/css/getComputedStyle-item-does-not-return-invalid-propertyid-on-length-boundary.html
new file mode 100644
index 00000000000..4ff453a104d
--- /dev/null
+++ b/Tests/LibWeb/Text/input/css/getComputedStyle-item-does-not-return-invalid-propertyid-on-length-boundary.html
@@ -0,0 +1,8 @@
+<!DOCTYPE html>
+<script src="../include.js"></script>
+<script>
+    test(() => {
+        const style = getComputedStyle(document.body);
+        println(`getComputedStyle().item(length) should return empty string: '${style.item(style.length)}'`);
+    });
+</script>