34 lines
2.0 KiB
Diff
34 lines
2.0 KiB
Diff
diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderText.cpp qt-everywhere-opensource-src-4.6.3-CVE-1770/src/3rdparty/webkit/WebCore/rendering/RenderText.cpp
|
|
--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderText.cpp 2010-06-02 04:03:11.000000000 +0200
|
|
+++ qt-everywhere-opensource-src-4.6.3-CVE-1770/src/3rdparty/webkit/WebCore/rendering/RenderText.cpp 2010-06-11 13:42:31.190174662 +0200
|
|
@@ -207,7 +207,7 @@
|
|
PassRefPtr<StringImpl> RenderText::originalText() const
|
|
{
|
|
Node* e = node();
|
|
- return e ? static_cast<Text*>(e)->dataImpl() : 0;
|
|
+ return (e && e->isTextNode()) ? static_cast<Text*>(e)->dataImpl() : 0;
|
|
}
|
|
|
|
void RenderText::absoluteRects(Vector<IntRect>& rects, int tx, int ty)
|
|
diff -ur qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderTextFragment.cpp qt-everywhere-opensource-src-4.6.3-CVE-1770/src/3rdparty/webkit/WebCore/rendering/RenderTextFragment.cpp
|
|
--- qt-everywhere-opensource-src-4.6.3/src/3rdparty/webkit/WebCore/rendering/RenderTextFragment.cpp 2010-06-02 04:03:11.000000000 +0200
|
|
+++ qt-everywhere-opensource-src-4.6.3-CVE-1770/src/3rdparty/webkit/WebCore/rendering/RenderTextFragment.cpp 2010-06-11 13:42:31.197153658 +0200
|
|
@@ -47,7 +47,7 @@
|
|
PassRefPtr<StringImpl> RenderTextFragment::originalText() const
|
|
{
|
|
Node* e = node();
|
|
- RefPtr<StringImpl> result = (e ? static_cast<Text*>(e)->dataImpl() : contentString());
|
|
+ RefPtr<StringImpl> result = ((e && e->isTextNode()) ? static_cast<Text*>(e)->dataImpl() : contentString());
|
|
if (result && (start() > 0 || start() < result->length()))
|
|
result = result->substring(start(), end());
|
|
return result.release();
|
|
@@ -76,7 +76,7 @@
|
|
{
|
|
if (start()) {
|
|
Node* e = node();
|
|
- StringImpl* original = (e ? static_cast<Text*>(e)->dataImpl() : contentString());
|
|
+ StringImpl* original = ((e && e->isTextNode()) ? static_cast<Text*>(e)->dataImpl() : contentString());
|
|
if (original)
|
|
return (*original)[start() - 1];
|
|
}
|