mirror of
https://github.com/classilla/tenfourfox.git
synced 2024-06-14 15:30:07 +00:00
limit maximum CSS value/variable lengths
This commit is contained in:
parent
99bece105f
commit
69249a563c
|
@ -1436,6 +1436,9 @@ protected:
|
||||||
// All data from successfully parsed properties are placed into |mData|.
|
// All data from successfully parsed properties are placed into |mData|.
|
||||||
nsCSSExpandedDataBlock mData;
|
nsCSSExpandedDataBlock mData;
|
||||||
|
|
||||||
|
// Value to make sure our resolved variable results stay within sane limits.
|
||||||
|
const uint32_t MAX_CSS_VAR_LENGTH = 10240;
|
||||||
|
|
||||||
public:
|
public:
|
||||||
// Used from nsCSSParser constructors and destructors
|
// Used from nsCSSParser constructors and destructors
|
||||||
CSSParserImpl* mNextFree;
|
CSSParserImpl* mNextFree;
|
||||||
|
@ -2612,6 +2615,12 @@ CSSParserImpl::ResolveValueWithVariableReferencesRec(
|
||||||
// Invalid variable with no fallback.
|
// Invalid variable with no fallback.
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
// Make sure we are still using sane sizes for value and
|
||||||
|
// variableValue, and abort if OOB.
|
||||||
|
if (MOZ_UNLIKELY((value.Length() > MAX_CSS_VAR_LENGTH) ||
|
||||||
|
(variableValue.Length() > MAX_CSS_VAR_LENGTH))) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
// Valid variable with no fallback.
|
// Valid variable with no fallback.
|
||||||
AppendTokens(value, valueFirstToken, valueLastToken,
|
AppendTokens(value, valueFirstToken, valueLastToken,
|
||||||
varFirstToken, varLastToken, variableValue);
|
varFirstToken, varLastToken, variableValue);
|
||||||
|
|
Loading…
Reference in New Issue
Block a user