author | rouslan@chromium.org <rouslan@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-07-11 20:08:22 +0000 |
---|---|---|
committer | rouslan@chromium.org <rouslan@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-07-11 20:08:22 +0000 |
commit | 8c8781fd8590fe123cbea3ffaa589f4928a96188 (patch) | |
tree | 46553c3db8cafcd9cad3ff7b7eeeeec3e562347b /chrome/renderer/spellchecker | |
parent | 10e82ebfba10de942551387e8d7d3f00075ac2d9 (diff) | |
Handle null char in the middle of text in custom spellcheck dictionary engine
The code in custom spellcheck dictionary erroneously assumes that null char
terminates the string. Other code does not make this assumption, however, and
passes misspelling offsets to custom spellcheck dictionary that are past the
position of the null char. This causes an exception. The fix is to not convert
the string into a char array and then back into a string in custom spellcheck
dictionary engine.
TEST=CustomDictionaryTest.HandlesNullCharacters
TEST=CustomDictionaryTest.HandlesEmptyWordWithInvalidSubstring
BUG=258550
Review URL: https://chromiumcodereview.appspot.com/18137008
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@211197 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/renderer/spellchecker')
4 files changed, 14 insertions, 12 deletions
diff --git a/chrome/renderer/spellchecker/custom_dictionary_engine.cc b/chrome/renderer/spellchecker/custom_dictionary_engine.cc
index a6dca91..9c6eb9f 100644
--- a/chrome/renderer/spellchecker/custom_dictionary_engine.cc
+++ b/chrome/renderer/spellchecker/custom_dictionary_engine.cc
@@ -41,18 +41,14 @@ void CustomDictionaryEngine::OnCustomDictionaryChanged(
 }
 
 bool CustomDictionaryEngine::SpellCheckWord(
- const char16* text,
+ const string16& text,
 int misspelling_start,
 int misspelling_len) {
- DCHECK(text);
- string16 text16(text);
-
 // The text to be checked is empty on OSX(async) right now.
 // TODO(groby): Fix as part of async hook-up. (http://crbug.com/178241)
- if (text16.empty())
- return false;
- DCHECK(text16.length() >= size_t(misspelling_start + misspelling_len));
- return misspelling_start >= 0 &&
+ return
+ misspelling_start >= 0 &&
 misspelling_len > 0 &&
- dictionary_.count(text16.substr(misspelling_start, misspelling_len)) > 0;
+ size_t(misspelling_start + misspelling_len) <= text.length() &&
+ dictionary_.count(text.substr(misspelling_start, misspelling_len)) > 0;
 }
diff --git a/chrome/renderer/spellchecker/custom_dictionary_engine.h b/chrome/renderer/spellchecker/custom_dictionary_engine.h
index c87611b..fde49d6 100644
--- a/chrome/renderer/spellchecker/custom_dictionary_engine.h
+++ b/chrome/renderer/spellchecker/custom_dictionary_engine.h
@@ -25,7 +25,7 @@ class CustomDictionaryEngine {
 // Spellcheck |text|. Assumes that another spelling engine has set
 // |misspelling_start| and |misspelling_len| to indicate a misspelling.
 // Returns true if there are no misspellings, otherwise returns false.
- bool SpellCheckWord(const char16* text,
+ bool SpellCheckWord(const string16& text,
 int misspelling_start,
 int misspelling_len);
 
diff --git a/chrome/renderer/spellchecker/custom_dictionary_engine_unittest.cc b/chrome/renderer/spellchecker/custom_dictionary_engine_unittest.cc
index 3a6ea8a..6e268c8 100644
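Review bot: The bounds check in SpellCheckWord adds the two ints before converting, so `size_t(misspelling_start + misspelling_len)` is a signed addition that overflows (undefined behaviour) for large non-negative values, and its result is what guards `text.substr(...)`. Comparing without the sum avoids it: `size_t(misspelling_start) <= text.length() &&` followed by `size_t(misspelling_len) <= text.length() - size_t(misspelling_start) &&`. The same concern applies at the SpellCheckParagraph call site in spellcheck.cc, which now passes `misspelling_start + offset` into the int parameter; `offset` is declared outside that hunk, so whether that sum narrows is not visible here. The comment kept above the return still refers to empty text although the early return for it is gone; it could read `// Offsets outside |text| (including any offset into empty text) are reported as not found.`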
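Review bot: The doc comment on SpellCheckWord in the header does not mention how out-of-range offsets are handled or that |text| may now contain null characters, which is the contract this change introduces. I would add `// Returns false if [misspelling_start, misspelling_start + misspelling_len) is not within |text|.` and `// |text| may contain embedded null characters; pass a string16, not a char16 pointer.` The class body continues outside the hunk.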
--- a/chrome/renderer/spellchecker/custom_dictionary_engine_unittest.cc
+++ b/chrome/renderer/spellchecker/custom_dictionary_engine_unittest.cc
@@ -21,3 +21,8 @@ TEST(CustomDictionaryTest, Basic) {
 engine.Init(custom_words);
 EXPECT_TRUE(engine.SpellCheckWord(ASCIIToUTF16("helllo").c_str(), 0, 6));
 }
+
+TEST(CustomDictionaryTest, HandlesNullCharacters) {
+ char16 data[4] = {'a', 0, 'b', 'c'};
+ EXPECT_FALSE(CustomDictionaryEngine().SpellCheckWord(data, 1, 1));
+}
diff --git a/chrome/renderer/spellchecker/spellcheck.cc b/chrome/renderer/spellchecker/spellcheck.cc
index 68f0182..95ba6bf 100644
--- a/chrome/renderer/spellchecker/spellcheck.cc
+++ b/chrome/renderer/spellchecker/spellcheck.cc
@@ -223,7 +223,7 @@ bool SpellCheck::SpellCheckParagraph(
 }
 
 if (!custom_dictionary_.SpellCheckWord(
- &text[offset], misspelling_start, misspelling_length)) {
+ text, misspelling_start + offset, misspelling_length)) {
 string16 replacement;
 textcheck_results.push_back(WebTextCheckingResult(
 WebKit::WebTextCheckingTypeSpelling,
@@ -368,7 +368,8 @@ void SpellCheck::CreateTextCheckingResults(
 type = WebKit::WebTextCheckingTypeGrammar;
 }
 }
- if (!custom_dictionary_.SpellCheckWord(text, word_location, word_length)) {
+ if (!custom_dictionary_.SpellCheckWord(
+ line_text, word_location, word_length)) {
 list.push_back(WebTextCheckingResult(
 type,
 word_location + line_offset, |
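Review bot: HandlesNullCharacters does not put a null character inside the checked text: `data` decays to a `const char16*`, and (assuming string16's pointer constructor behaves like std::basic_string's) the implicit conversion stops at the first null, so SpellCheckWord receives the one-character string "a" and returns false on the bounds check alone. Building the argument with an explicit length exercises the case the commit describes: `EXPECT_FALSE(CustomDictionaryEngine().SpellCheckWord(string16(data, 4), 1, 1));`. A positive case on an initialised engine, with a dictionary word placed after the null, would also show that offsets past the null are honoured, since an empty dictionary returns false for any input. The Basic test above still passes `.c_str()`, and the HandlesEmptyWordWithInvalidSubstring test named in the description is not part of this hunk.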