diff options
| author | Jorge Arellano Cid <jcid@dillo.org> | 2013-08-26 15:05:43 -0400 |
|---|---|---|
| committer | Jorge Arellano Cid <jcid@dillo.org> | 2013-08-26 15:05:43 -0400 |
| commit | 4fbea0e16f95208a8293b0f7fa96652bdc7a33dc (patch) | |
| tree | 40605fb3a9a9b9c9cc11826755c61932235ae70e /src | |
| parent | d89ceb0eae02e71862dbcc5969105109f90d2ca4 (diff) | |
Fix handling of the BODY element
Avoids overflow of Num_BODY variable, its potential problems
and improves HTML bug messages.
e.g. details in crash-null_preprocessAttrs.html.asan.
The num-head, num-title, num-body, num-html patch series is a
bundle for the same type of problem/solution.
Diffstat (limited to 'src')
| -rw-r--r-- | src/html.cc | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/src/html.cc b/src/html.cc index 3e310ce0..6b129188 100644 --- a/src/html.cc +++ b/src/html.cc @@ -1787,14 +1787,18 @@ static void Html_tag_open_body(DilloHtml *html, const char *tag, int tagsize) int tag_index_a = a_Html_tag_index ("a"); style::Color *bgColor; + _MSG("Html_tag_open_body Num_BODY=%d\n", html->Num_BODY); if (!(html->InFlags & IN_BODY)) html->InFlags |= IN_BODY; - ++html->Num_BODY; + if (html->Num_BODY < UCHAR_MAX) + ++html->Num_BODY; if (html->Num_BODY > 1) { BUG_MSG("BODY element was already open\n"); + html->ReqTagClose = true; return; } + if (html->InFlags & IN_HEAD) { /* if we're here, it's bad XHTML, no need to recover */ BUG_MSG("unclosed HEAD element\n"); @@ -1862,10 +1866,8 @@ static void Html_tag_open_body(DilloHtml *html, const char *tag, int tagsize) */ static void Html_tag_close_body(DilloHtml *html) { - if (html->Num_BODY == 1) { - /* some tag soup pages use multiple BODY tags... */ - html->InFlags &= ~IN_BODY; - } + /* Some tag soup pages use multiple BODY tags... + * Defer clearing the IN_BODY flag until IN_EOF */ } /* |