corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bug 489820 and bug 483209 - Make the HTML5 parser check buffer bounds less often and place limits on buffer growth. rs=sicking.

Browse Source
This commit is contained in:
Henri Sivonen
2010-02-12 09:49:06 +02:00
parent 382fdd2350
commit c7fd798070
5 changed files with 136 additions and 141 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
parser/html/nsHtml5TreeBuilder.cpp
View File

@@ -193,6 +193,22 @@ nsHtml5TreeBuilder::comment(PRUnichar* buf, PRInt32 start, PRInt32 length)
return;
}
void
nsHtml5TreeBuilder::ensureBufferSpace(PRInt32 addedLength)
{
PRInt32 newCharBufferCapacity = charBufferLen + addedLength;
if (newCharBufferCapacity > NS_HTML5TREE_BUILDER_BUFFER_FLUSH_THRESHOLD) {
flushCharacters();
newCharBufferCapacity = addedLength;
}
if (newCharBufferCapacity > charBuffer.length) {
jArray<PRUnichar,PRInt32> newBuf = jArray<PRUnichar,PRInt32>(newCharBufferCapacity);
nsHtml5ArrayCopy::arraycopy(charBuffer, newBuf, charBufferLen);
charBuffer.release();
charBuffer = newBuf;
}
}
void
nsHtml5TreeBuilder::characters(const PRUnichar* buf, PRInt32 start, PRInt32 length)
{
@@ -3061,6 +3077,10 @@ nsHtml5TreeBuilder::clearLastListSlot()
void
nsHtml5TreeBuilder::push(nsHtml5StackNode* node)
{
if (currentPtr == NS_HTML5TREE_BUILDER_STACK_MAX_DEPTH) {
pop();
}
currentPtr++;
if (currentPtr == stack.length) {
jArray<nsHtml5StackNode*,PRInt32> newStack = jArray<nsHtml5StackNode*,PRInt32>(stack.length + 64);
@@ -3075,6 +3095,10 @@ nsHtml5TreeBuilder::push(nsHtml5StackNode* node)
void
nsHtml5TreeBuilder::silentPush(nsHtml5StackNode* node)
{
if (currentPtr == NS_HTML5TREE_BUILDER_STACK_MAX_DEPTH) {
pop();
}
currentPtr++;
if (currentPtr == stack.length) {
jArray<nsHtml5StackNode*,PRInt32> newStack = jArray<nsHtml5StackNode*,PRInt32>(stack.length + 64);
@@ -3722,20 +3746,6 @@ nsHtml5TreeBuilder::appendVoidFormToCurrent(nsHtml5HtmlAttributes* attributes)
elementPopped(kNameSpaceID_XHTML, nsHtml5Atoms::form, elt);
}
void
nsHtml5TreeBuilder::accumulateCharacter(PRUnichar c)
{
PRInt32 newLen = charBufferLen + 1;
if (newLen > charBuffer.length) {
jArray<PRUnichar,PRInt32> newBuf = jArray<PRUnichar,PRInt32>(newLen);
nsHtml5ArrayCopy::arraycopy(charBuffer, newBuf, charBufferLen);
charBuffer.release();
charBuffer = newBuf;
}
charBuffer[charBufferLen] = c;
charBufferLen = newLen;
}
void
nsHtml5TreeBuilder::requestSuspension()
{