Followup to CSSTokenizer memory usage optimization

Make sure to measure the same input string as we're going to parse. BUG=358667,352544 Review URL: https://codereview.chromium.org/220113006 git-svn-id: svn://svn.chromium.org/blink/trunk@170636 bbb929c8-8fbe-4397-9dbb-9b2b20218538

Followup to CSSTokenizer memory usage optimization
Make sure to measure the same input string as we're going to parse. BUG=358667,352544 Review URL: https://codereview.chromium.org/220113006 git-svn-id: svn://svn.chromium.org/blink/trunk@170636 bbb929c8-8fbe-4397-9dbb-9b2b20218538
3893eed2 · bratell@opera.com · 503e4510 · 3893eed2 · 3893eed2 · 3893eed2
Commit 3893eed2 authored Apr 02, 2014 by bratell@opera.com
3 changed files
--- a/third_party/WebKit/LayoutTests/fast/css/css-escaped-identifier-crash-expected.txt
+++ b/third_party/WebKit/LayoutTests/fast/css/css-escaped-identifier-crash-expected.txt
+Test for crash discovered with escapes in CSS identifiers. If this text appears, the test passed.
--- a/third_party/WebKit/LayoutTests/fast/css/css-escaped-identifier-crash.html
+++ b/third_party/WebKit/LayoutTests/fast/css/css-escaped-identifier-crash.html
+<html>
+<head>
+    <style>foo { D\\\\\$\eeeeeeeeeee\\\\\\\\\\\\\\\\\\ }</style>
+    <script>
+        if (window.testRunner)
+            testRunner.dumpAsText();
+    </script>
+</head>
+<body>
+    <p>
+        Test for crash discovered with escapes in CSS identifiers.  If this text appears, the test passed.
+    </p>
+</body>
+</html>
--- a/third_party/WebKit/Source/core/css/CSSTokenizer-in.cpp
+++ b/third_party/WebKit/Source/core/css/CSSTokenizer-in.cpp
@@ -492,7 +492,7 @@ inline void CSSTokenizer::parseIdentifier(CharacterType*& result, CSSParserStrin
    if (UNLIKELY(!parseIdentifierInternal(currentCharacter<CharacterType>(), result, hasEscape))) {
        // Found an escape we couldn't handle with 8 bits, copy what has been recognized and continue
        ASSERT(is8BitSource());
-        UChar* result16 = allocateStringBuffer16((result - start) + peekMaxIdentifierLen(result));
+        UChar* result16 = allocateStringBuffer16((result - start) + peekMaxIdentifierLen(currentCharacter<CharacterType>()));
        UChar* start16 = result16;
        int i = 0;
        for (; i < result - start; i++)
@@ -565,7 +565,7 @@ inline void CSSTokenizer::parseString(CharacterType*& result, CSSParserString& r
    if (UNLIKELY(!parseStringInternal(currentCharacter<CharacterType>(), result, quote))) {
        // Found an escape we couldn't handle with 8 bits, copy what has been recognized and continue
        ASSERT(is8BitSource());
-        UChar* result16 = allocateStringBuffer16((result - start) + peekMaxStringLen(result, quote));
+        UChar* result16 = allocateStringBuffer16((result - start) + peekMaxStringLen(currentCharacter<CharacterType>(), quote));
        UChar* start16 = result16;
        int i = 0;
        for (; i < result - start; i++)
@@ -675,9 +675,9 @@ inline void CSSTokenizer::parseURI(CSSParserString& string)
        // Reset the current character to the start of the URI and re-parse with
        // a 16-bit destination.
        ASSERT(is8BitSource());
-        UChar* result16 = allocateStringBuffer16(peekMaxURILen(uriStart, quote));
-        UChar* uriStart16 = result16;
        currentCharacter<CharacterType>() = uriStart;
+        UChar* result16 = allocateStringBuffer16(peekMaxURILen(currentCharacter<CharacterType>(), quote));
+        UChar* uriStart16 = result16;
        bool result = parseURIInternal(currentCharacter<CharacterType>(), result16, quote);
        ASSERT_UNUSED(result, result);
        string.init(uriStart16, result16 - uriStart16);