mirrors/ladybird
0
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2025-04-26 22:38:51 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

LibWeb: Prevent crashes with progress element's value and max attributes

Browse source 
If either of these attributes are missing, do not crash in `strtod()`
but return a default value instead.
This commit is contained in:
Jelle Raaijmakers 2022-03-03 13:50:39 +01:00 committed by Andreas Kling
parent 51d3c8bbf7
commit 6e1333cc71
Notes: sideshowbarker 2024-07-18 04:38:32 +09:00
1 changed files with 10 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

12
Userland/Libraries/LibWeb/HTML/HTMLProgressElement.cpp
View file

@ -26,7 +26,11 @@ RefPtr<Layout::Node> HTMLProgressElement::create_layout_node(NonnullRefPtr<CSS::
double HTMLProgressElement::value() const
{
auto parsed_value = strtod(attribute(HTML::AttributeNames::value).characters(), nullptr);
auto value_characters = attribute(HTML::AttributeNames::value).characters();
if (value_characters == nullptr)
return 0;
auto parsed_value = strtod(value_characters, nullptr);
if (!isfinite(parsed_value) || parsed_value < 0)
return 0;
@ -46,7 +50,11 @@ void HTMLProgressElement::set_value(double value)
double HTMLProgressElement::max() const
{
auto parsed_value = strtod(attribute(HTML::AttributeNames::max).characters(), nullptr);
auto max_characters = attribute(HTML::AttributeNames::max).characters();
if (max_characters == nullptr)
return 1;
auto parsed_value = strtod(max_characters, nullptr);
if (!isfinite(parsed_value) || parsed_value <= 0)
return 1;