Bug 591330 - Make deep nesting prevention code in the HTML5 parser not crash when there are speculations involved. r=jonas, a=blocking2.0-betaN.

2010-09-06 10:41:26 +03:00
parent e8fb0fdb11
commit ea6b908bf5
10 changed files with 359 additions and 14 deletions
--- a/parser/html/nsHtml5StateSnapshot.cpp
+++ b/parser/html/nsHtml5StateSnapshot.cpp
@@ -59,11 +59,12 @@
 #include "nsHtml5StateSnapshot.h"


-nsHtml5StateSnapshot::nsHtml5StateSnapshot(jArray<nsHtml5StackNode*,PRInt32> stack, jArray<nsHtml5StackNode*,PRInt32> listOfActiveFormattingElements, nsIContent** formPointer, nsIContent** headPointer, PRInt32 mode, PRInt32 originalMode, PRBool framesetOk, PRBool inForeign, PRBool needToDropLF, PRBool quirks)
+nsHtml5StateSnapshot::nsHtml5StateSnapshot(jArray<nsHtml5StackNode*,PRInt32> stack, jArray<nsHtml5StackNode*,PRInt32> listOfActiveFormattingElements, nsIContent** formPointer, nsIContent** headPointer, nsIContent** deepTreeSurrogateParent, PRInt32 mode, PRInt32 originalMode, PRBool framesetOk, PRBool inForeign, PRBool needToDropLF, PRBool quirks)
  : stack(stack),
    listOfActiveFormattingElements(listOfActiveFormattingElements),
    formPointer(formPointer),
    headPointer(headPointer),
+    deepTreeSurrogateParent(deepTreeSurrogateParent),
    mode(mode),
    originalMode(originalMode),
    framesetOk(framesetOk),
@@ -98,6 +99,12 @@ nsHtml5StateSnapshot::getHeadPointer()
  return headPointer;
 }

+nsIContent** 
+nsHtml5StateSnapshot::getDeepTreeSurrogateParent()
+{
+  return deepTreeSurrogateParent;
+}
+
 PRInt32 
 nsHtml5StateSnapshot::getMode()
 {