kdelibs/kdelibs-4.6.5-CVE-2010-0046...

17 lines
991 B
Diff

diff -up kdelibs-4.7.3/khtml/css/cssparser.cpp.orig kdelibs-4.7.3/khtml/css/cssparser.cpp
--- kdelibs-4.7.3/khtml/css/cssparser.cpp.orig 2011-11-07 19:14:53.000000000 +0100
+++ kdelibs-4.7.3/khtml/css/cssparser.cpp 2011-11-09 16:02:11.000000000 +0100
@@ -2275,8 +2275,11 @@ bool CSSParser::parseFontFaceSrc()
expectComma = true;
} else if (val->unit == Value::Function) {
// There are two allowed functions: local() and format().
+ // For both we expect a string argument
ValueList *args = val->function->args;
- if (args && args->size() == 1) {
+ if (args && args->size() == 1 &&
+ (args->current()->unit == CSSPrimitiveValue::CSS_STRING ||
+ args->current()->unit == CSSPrimitiveValue::CSS_IDENT)) {
if (!strcasecmp(domString(val->function->name), "local(") && !expectComma) {
expectComma = true;
allowFormat = false;