From 71c558bf9a9d819bcdd671c3b90f1745aa148e92 Mon Sep 17 00:00:00 2001 From: "dveditz%cruzio.com" Date: Mon, 27 Feb 2006 20:47:50 +0000 Subject: [PATCH] bug 328692 catch names missed in 319846, r=mrbkap, sr=bsmedberg, a=timr --- content/xul/document/src/nsXULDocument.cpp | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/content/xul/document/src/nsXULDocument.cpp b/content/xul/document/src/nsXULDocument.cpp index 32063b27116..6e2908b41ff 100644 --- a/content/xul/document/src/nsXULDocument.cpp +++ b/content/xul/document/src/nsXULDocument.cpp @@ -148,6 +148,7 @@ const nsForwardReference::Phase nsForwardReference::kPasses[] = { nsForwardReference::eDone }; +const PRUint32 kMaxAttrNameLength = 512; const PRUint32 kMaxAttributeLength = 4096; //---------------------------------------------------------------------- @@ -1346,6 +1347,14 @@ nsXULDocument::Persist(nsIContent* aElement, PRInt32 aNameSpaceID, rv = aAttribute->GetUTF8String(&attrstr); if (NS_FAILED(rv)) return rv; + // Don't bother with unreasonable attributes. We clamp long values, + // but truncating attribute names turns it into a different attribute + // so there's no point in persisting anything at all + if (!attrstr || strlen(attrstr) > kMaxAttrNameLength) { + NS_WARNING("Can't persist, Attribute name too long"); + return NS_ERROR_ILLEGAL_VALUE; + } + nsCOMPtr attr; rv = gRDFService->GetResource(nsDependentCString(attrstr), getter_AddRefs(attr)); @@ -1358,8 +1367,10 @@ nsXULDocument::Persist(nsIContent* aElement, PRInt32 aNameSpaceID, // prevent over-long attributes that choke the parser (bug 319846) // (can't simply Truncate without testing, it's implemented // using SetLength and will grow a short string) - if (valuestr.Length() > kMaxAttributeLength) + if (valuestr.Length() > kMaxAttributeLength) { + NS_WARNING("Truncating persisted attribute value"); valuestr.Truncate(kMaxAttributeLength); + } // See if there was an old value... nsCOMPtr oldvalue;