diff options
| author | dcheng@chromium.org <dcheng@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-10-13 20:43:53 +0000 |
|---|---|---|
| committer | dcheng@chromium.org <dcheng@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-10-13 20:43:53 +0000 |
| commit | dd8c19084d416a29065e795cbf17f400afcad943 (patch) | |
| tree | 70e07a5f5f0f271eb403d15841a71d4525006a45 | |
| parent | 43401bc0aa2a06b8f654c0f81dcc2042ac9f1b65 (diff) | |
| download | chromium_src-dd8c19084d416a29065e795cbf17f400afcad943.zip chromium_src-dd8c19084d416a29065e795cbf17f400afcad943.tar.gz chromium_src-dd8c19084d416a29065e795cbf17f400afcad943.tar.bz2 | |
Fix crash in WebClipboardImpl::readHTML.
Make sure string indexes aren't std::string::npos before creating the substring.
BUG=99931
TEST=none
Review URL: http://codereview.chromium.org/8271015
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@105366 0039d316-1c4b-4281-b951-d872f2087c98
| -rw-r--r-- | webkit/glue/webclipboard_impl.cc | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/webkit/glue/webclipboard_impl.cc b/webkit/glue/webclipboard_impl.cc index 3f66c80..2f915d8 100644 --- a/webkit/glue/webclipboard_impl.cc +++ b/webkit/glue/webclipboard_impl.cc @@ -131,7 +131,9 @@ WebString WebClipboardImpl::readHTML(Buffer buffer, WebURL* source_url) { uint32 fragment_end = 0; ClipboardReadHTML(buffer_type, &html_stdstr, &gurl, &fragment_start, &fragment_end); - return html_stdstr.substr(fragment_start, fragment_end - fragment_start); + if (fragment_start != std::string::npos && fragment_end != std::string::npos) + return html_stdstr.substr(fragment_start, fragment_end - fragment_start); + return WebString(); } WebString WebClipboardImpl::readHTML(Buffer buffer, WebURL* source_url, |