diff options
| -rw-r--r-- | chrome/browser/autocomplete/autocomplete_match.cc | 9 | ||||
| -rw-r--r-- | chrome/browser/ui/cocoa/omnibox/omnibox_popup_view_mac.mm | 16 |
2 files changed, 20 insertions, 5 deletions
diff --git a/chrome/browser/autocomplete/autocomplete_match.cc b/chrome/browser/autocomplete/autocomplete_match.cc index 82d9d2a..13bee33 100644 --- a/chrome/browser/autocomplete/autocomplete_match.cc +++ b/chrome/browser/autocomplete/autocomplete_match.cc @@ -7,6 +7,7 @@ #include "base/logging.h" #include "base/string_number_conversions.h" #include "base/string_util.h" +#include "chrome/browser/autocomplete/autocomplete.h" #include "chrome/browser/search_engines/template_url.h" #include "chrome/browser/search_engines/template_url_service.h" #include "chrome/browser/search_engines/template_url_service_factory.h" @@ -336,9 +337,13 @@ void AutocompleteMatch::ValidateClassifications( for (ACMatchClassifications::const_iterator i(classifications.begin() + 1); i != classifications.end(); ++i) { DCHECK_GT(i->offset, last_offset) - << "Classification unsorted for \"" << text << '"'; + << " Classification for \"" << text << "\" with offset of " << i->offset + << " is unsorted in relation to last offset of " << last_offset + << ". Provider: " << (provider ? provider->name() : "None") << "."; DCHECK_LT(i->offset, text.length()) - << "Classification out of bounds for \"" << text << '"'; + << " Classification of [" << i->offset << "," << text.length() + << "] is out of bounds for \"" << text << "\". Provider: " + << (provider ? provider->name() : "None") << "."; last_offset = i->offset; } } diff --git a/chrome/browser/ui/cocoa/omnibox/omnibox_popup_view_mac.mm b/chrome/browser/ui/cocoa/omnibox/omnibox_popup_view_mac.mm index 566896d..6bab836 100644 --- a/chrome/browser/ui/cocoa/omnibox/omnibox_popup_view_mac.mm +++ b/chrome/browser/ui/cocoa/omnibox/omnibox_popup_view_mac.mm @@ -117,14 +117,24 @@ NSMutableAttributedString* OmniboxPopupViewMac::DecorateMatchedString( attributes:attributes] autorelease]; + // As a protective measure, bail if the length of the match string is not + // the same as the length of the converted NSString. http://crbug.com/121703 + if ([s length] != matchString.size()) + return as; + // Mark up the runs which differ from the default. for (ACMatchClassifications::const_iterator i = classifications.begin(); i != classifications.end(); ++i) { const BOOL isLast = (i+1) == classifications.end(); - const size_t nextOffset = (isLast ? matchString.length() : (i + 1)->offset); + const NSInteger nextOffset = + (isLast ? [s length] : static_cast<NSInteger>((i + 1)->offset)); const NSInteger location = static_cast<NSInteger>(i->offset); - const NSInteger length = static_cast<NSInteger>(nextOffset - i->offset); - const NSRange range = NSMakeRange(location, length); + const NSInteger length = nextOffset - static_cast<NSInteger>(i->offset); + // Guard against bad, off-the-end classification ranges. + if (i->offset >= [s length] || length <= 0) + break; + const NSRange range = NSMakeRange(location, + MIN(length, static_cast<NSInteger>([s length]) - location)); if (0 != (i->style & ACMatchClassification::URL)) { [as addAttribute:NSForegroundColorAttributeName |