CVE-2010-1398 fix

This commit is contained in:
Jaroslav Reznik 2010-06-14 14:58:01 +00:00
parent a5dc781fae
commit 6d30a55d1e
1 changed files with 32 additions and 24 deletions

View File

@ -1,6 +1,6 @@
diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.cpp qt-everywhere-opensource-src-4.6.3-CVE-2010-1398/src/3rdparty/webkit/WebCore/dom/Element.cpp
--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.cpp 2010-06-02 04:03:12.000000000 +0200
+++ qt-everywhere-opensource-src-4.6.3-CVE-2010-1398/src/3rdparty/webkit/WebCore/dom/Element.cpp 2010-06-10 21:10:21.197317643 +0200
diff -up qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.cpp.CVE-2010-1398 qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.cpp
--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.cpp.CVE-2010-1398 2010-06-02 04:03:12.000000000 +0200
+++ qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.cpp 2010-06-11 16:12:55.750525354 +0200
@@ -35,6 +35,7 @@
#include "ClientRect.h"
#include "ClientRectList.h"
@ -25,7 +25,7 @@ diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Elem
#if ENABLE(SVG)
#include "SVGNames.h"
@@ -91,6 +94,51 @@
@@ -91,6 +94,51 @@ NodeRareData* Element::createRareData()
{
return new ElementRareData;
}
@ -77,10 +77,18 @@ diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Elem
PassRefPtr<Node> Element::cloneNode(bool deep)
{
diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.h qt-everywhere-opensource-src-4.6.3-CVE-2010-1398/src/3rdparty/webkit/WebCore/dom/Element.h
--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.h 2010-06-02 04:03:12.000000000 +0200
+++ qt-everywhere-opensource-src-4.6.3-CVE-2010-1398/src/3rdparty/webkit/WebCore/dom/Element.h 2010-06-10 21:09:56.802317368 +0200
@@ -89,6 +89,8 @@
diff -up qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.h.CVE-2010-1398 qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.h
--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.h.CVE-2010-1398 2010-06-02 04:03:12.000000000 +0200
+++ qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Element.h 2010-06-14 16:54:57.639394749 +0200
@@ -28,6 +28,7 @@
#include "ContainerNode.h"
#include "QualifiedName.h"
#include "ScrollTypes.h"
+#include "DocumentFragment.h"
namespace WebCore {
@@ -89,6 +90,8 @@ public:
DEFINE_ATTRIBUTE_EVENT_LISTENER(search);
DEFINE_ATTRIBUTE_EVENT_LISTENER(selectstart);
@ -89,10 +97,10 @@ diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/dom/Elem
const AtomicString& getIDAttribute() const;
bool hasAttribute(const QualifiedName&) const;
const AtomicString& getAttribute(const QualifiedName&) const;
diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/editing/markup.cpp qt-everywhere-opensource-src-4.6.3-CVE-2010-1398/src/3rdparty/webkit/WebCore/editing/markup.cpp
--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/editing/markup.cpp 2010-06-02 04:03:10.000000000 +0200
+++ qt-everywhere-opensource-src-4.6.3-CVE-2010-1398/src/3rdparty/webkit/WebCore/editing/markup.cpp 2010-06-10 21:05:12.880192498 +0200
@@ -1054,11 +1054,7 @@
diff -up qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/editing/markup.cpp.CVE-2010-1398 qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/editing/markup.cpp
--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/editing/markup.cpp.CVE-2010-1398 2010-06-02 04:03:10.000000000 +0200
+++ qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/editing/markup.cpp 2010-06-11 16:12:55.752525451 +0200
@@ -1054,11 +1054,7 @@ String createMarkup(const Range* range,
PassRefPtr<DocumentFragment> createFragmentFromMarkup(Document* document, const String& markup, const String& baseURL)
{
@ -105,10 +113,10 @@ diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/editing/
if (fragment && !baseURL.isEmpty() && baseURL != blankURL() && baseURL != document->baseURL())
completeURLs(fragment.get(), baseURL);
diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTMLElement.cpp qt-everywhere-opensource-src-4.6.3-CVE-2010-1398/src/3rdparty/webkit/WebCore/html/HTMLElement.cpp
--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTMLElement.cpp 2010-06-02 04:03:10.000000000 +0200
+++ qt-everywhere-opensource-src-4.6.3-CVE-2010-1398/src/3rdparty/webkit/WebCore/html/HTMLElement.cpp 2010-06-10 21:13:26.701317282 +0200
@@ -235,9 +235,9 @@
diff -up qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTMLElement.cpp.CVE-2010-1398 qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTMLElement.cpp
--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTMLElement.cpp.CVE-2010-1398 2010-06-02 04:03:10.000000000 +0200
+++ qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTMLElement.cpp 2010-06-11 16:12:55.753537613 +0200
@@ -235,9 +235,9 @@ String HTMLElement::outerHTML() const
return createMarkup(this);
}
@ -120,7 +128,7 @@ diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTM
if (endTagRequirement() == TagStatusForbidden)
return 0;
@@ -245,47 +245,7 @@
@@ -245,47 +245,7 @@ PassRefPtr<DocumentFragment> HTMLElement
hasLocalName(headTag) || hasLocalName(styleTag) || hasLocalName(titleTag))
return 0;
@ -169,7 +177,7 @@ diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTM
}
static inline bool hasOneChild(ContainerNode* node)
@@ -371,7 +331,7 @@
@@ -371,7 +331,7 @@ void HTMLElement::setOuterHTML(const Str
void HTMLElement::setInnerText(const String& text, ExceptionCode& ec)
{
@ -178,7 +186,7 @@ diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTM
if (endTagRequirement() == TagStatusForbidden) {
ec = NO_MODIFICATION_ALLOWED_ERR;
return;
@@ -441,7 +401,7 @@
@@ -441,7 +401,7 @@ void HTMLElement::setInnerText(const Str
void HTMLElement::setOuterText(const String &text, ExceptionCode& ec)
{
@ -187,7 +195,7 @@ diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTM
if (endTagRequirement() == TagStatusForbidden) {
ec = NO_MODIFICATION_ALLOWED_ERR;
return;
@@ -469,7 +429,7 @@
@@ -469,7 +429,7 @@ void HTMLElement::setOuterText(const Str
if (ec)
return;
@ -196,7 +204,7 @@ diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTM
Node* prev = t->previousSibling();
if (prev && prev->isTextNode()) {
Text* textPrev = static_cast<Text*>(prev);
@@ -482,7 +442,7 @@
@@ -482,7 +442,7 @@ void HTMLElement::setOuterText(const Str
t = textPrev;
}
@ -205,7 +213,7 @@ diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTM
Node* next = t->nextSibling();
if (next && next->isTextNode()) {
Text* textNext = static_cast<Text*>(next);
@@ -522,7 +482,7 @@
@@ -522,7 +482,7 @@ Node* HTMLElement::insertAdjacent(const
return 0;
}
@ -214,7 +222,7 @@ diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTM
ec = NOT_SUPPORTED_ERR;
return 0;
}
@@ -530,7 +490,7 @@
@@ -530,7 +490,7 @@ Node* HTMLElement::insertAdjacent(const
Element* HTMLElement::insertAdjacentElement(const String& where, Element* newChild, ExceptionCode& ec)
{
if (!newChild) {
@ -223,7 +231,7 @@ diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/html/HTM
ec = TYPE_MISMATCH_ERR;
return 0;
}
@@ -567,8 +527,8 @@
@@ -567,8 +527,8 @@ void HTMLElement::addHTMLAlignment(Mappe
void HTMLElement::addHTMLAlignmentToStyledElement(StyledElement* element, MappedAttribute* attr)
{