From 1c00e5688d3330626f809e758bb63c8348776971 Mon Sep 17 00:00:00 2001
From: Andreas Kling
Date: Fri, 19 Jul 2024 14:44:10 +0200
Subject: [PATCH] LibWeb: Fix StringView OOB access when parsing 3-character legacy color

Found by Domato.
---
 .../LibWeb/Text/expected/HTML/short-legacy-color-value.txt | 1 +
 Tests/LibWeb/Text/input/HTML/short-legacy-color-value.html | 7 +++++++
 Userland/Libraries/LibWeb/HTML/Parser/HTMLParser.cpp | 3 +++
 3 files changed, 11 insertions(+)
 create mode 100644 Tests/LibWeb/Text/expected/HTML/short-legacy-color-value.txt
 create mode 100644 Tests/LibWeb/Text/input/HTML/short-legacy-color-value.html
diff --git a/Tests/LibWeb/Text/expected/HTML/short-legacy-color-value.txt b/Tests/LibWeb/Text/expected/HTML/short-legacy-color-value.txt
new file mode 100644
index 0000000000..3a2d263b04
--- /dev/null
+++ b/Tests/LibWeb/Text/expected/HTML/short-legacy-color-value.txt
@@ -0,0 +1 @@
+ PASS (didn't crash)
diff --git a/Tests/LibWeb/Text/input/HTML/short-legacy-color-value.html b/Tests/LibWeb/Text/input/HTML/short-legacy-color-value.html
new file mode 100644
index 0000000000..d37468df8c
--- /dev/null
+++ b/Tests/LibWeb/Text/input/HTML/short-legacy-color-value.html
@@ -0,0 +1,7 @@
+ + +
diff --git a/Userland/Libraries/LibWeb/HTML/Parser/HTMLParser.cpp b/Userland/Libraries/LibWeb/HTML/Parser/HTMLParser.cpp
index 99c93ab1f7..6de3d078f6 100644
--- a/Userland/Libraries/LibWeb/HTML/Parser/HTMLParser.cpp
+++ b/Userland/Libraries/LibWeb/HTML/Parser/HTMLParser.cpp
@@ -4879,6 +4879,9 @@ Optional parse_legacy_color_value(StringView string)
 }
 auto to_hex = [&](StringView string) -> u8 {
+ if (length == 1) {
+ return hex_nibble_to_u8(string[0]);
+ }
 auto nib1 = hex_nibble_to_u8(string[0]);
 auto nib2 = hex_nibble_to_u8(string[1]);
 return nib1 << 4 | nib2;
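Review bot: The new guard in `to_hex` tests the captured `length` rather than the size of the view it then indexes, so the safety of `string[1]` still rests on an invariant kept outside this hunk (presumably that every argument passed in has exactly `length` characters). Checking the argument itself, `if (string.length() == 1)`, puts the bounds check next to the access and keeps it correct if the call sites or the earlier truncation steps change. The lambda parameter `string` also shadows the function's own `string` parameter shown in the hunk header, which makes it easy to misread which buffer is being indexed; renaming it (for example to `component`) would remove that ambiguity. Both `parse_legacy_color_value` and the lambda body continue outside the hunk, so the `length` invariant cannot be confirmed from the visible lines.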