From bb82ee5530a604d76d183f9fd3d40bb5f8217111 Mon Sep 17 00:00:00 2001 From: Sam Atkins Date: Fri, 24 Dec 2021 16:16:55 +0000 Subject: [PATCH] LibWeb: Pass correct values to would_start_a_number() This fixes the crash that Luke found using Domato: ```css . foo { mso-border-alt: solid .-1pt; } ``` The spec distinguishes between "If the next 3 code points would start..." and "If the input stream starts with..." but we were treating them the same way, skipping the first code point in the process. --- Userland/Libraries/LibWeb/CSS/Parser/Tokenizer.cpp | 11 +++-------- Userland/Libraries/LibWeb/CSS/Parser/Tokenizer.h | 1 - 2 files changed, 3 insertions(+), 9 deletions(-) diff --git a/Userland/Libraries/LibWeb/CSS/Parser/Tokenizer.cpp b/Userland/Libraries/LibWeb/CSS/Parser/Tokenizer.cpp index b0736ae489..6a43da2288 100644 --- a/Userland/Libraries/LibWeb/CSS/Parser/Tokenizer.cpp +++ b/Userland/Libraries/LibWeb/CSS/Parser/Tokenizer.cpp @@ -881,11 +881,6 @@ Token Tokenizer::consume_a_numeric_token() return token; } -bool Tokenizer::would_start_a_number() const -{ - return would_start_a_number(peek_triplet()); -} - // https://www.w3.org/TR/css-syntax-3/#starts-with-a-number bool Tokenizer::would_start_a_number(U32Triplet values) { @@ -1189,7 +1184,7 @@ Token Tokenizer::consume_a_token() dbgln_if(CSS_TOKENIZER_DEBUG, "is plus sign"); // If the input stream starts with a number, reconsume the current input code point, // consume a numeric token and return it. - if (would_start_a_number()) { + if (would_start_a_number(start_of_input_stream_triplet())) { reconsume_current_input_code_point(); return consume_a_numeric_token(); } @@ -1210,7 +1205,7 @@ Token Tokenizer::consume_a_token() dbgln_if(CSS_TOKENIZER_DEBUG, "is hyphen minus"); // If the input stream starts with a number, reconsume the current input code point, // consume a numeric token, and return it. - if (would_start_a_number()) { + if (would_start_a_number(start_of_input_stream_triplet())) { reconsume_current_input_code_point(); return consume_a_numeric_token(); } @@ -1241,7 +1236,7 @@ Token Tokenizer::consume_a_token() dbgln_if(CSS_TOKENIZER_DEBUG, "is full stop"); // If the input stream starts with a number, reconsume the current input code point, // consume a numeric token, and return it. - if (would_start_a_number()) { + if (would_start_a_number(start_of_input_stream_triplet())) { reconsume_current_input_code_point(); return consume_a_numeric_token(); } diff --git a/Userland/Libraries/LibWeb/CSS/Parser/Tokenizer.h b/Userland/Libraries/LibWeb/CSS/Parser/Tokenizer.h index 2d54d1ea8e..5c818890c4 100644 --- a/Userland/Libraries/LibWeb/CSS/Parser/Tokenizer.h +++ b/Userland/Libraries/LibWeb/CSS/Parser/Tokenizer.h @@ -101,7 +101,6 @@ private: [[nodiscard]] static bool is_valid_escape_sequence(U32Twin); [[nodiscard]] bool would_start_an_identifier(); [[nodiscard]] bool would_start_an_identifier(U32Triplet); - [[nodiscard]] bool would_start_a_number() const; [[nodiscard]] static bool would_start_a_number(U32Triplet); String m_decoded_input;