--- kdelibs-3.5.4/khtml/html/RefPtr.h.CVE-2009-1690 2009-06-17 14:19:00.000000000 +0200
+++ kdelibs-3.5.4/khtml/html/RefPtr.h 2009-06-17 14:19:00.000000000 +0200
@@ -0,0 +1,202 @@
+// -*- mode: c++; c-basic-offset: 4 -*-
+/*
+ * Copyright (C) 2005, 2006, 2007, 2008 Apple Inc. All rights reserved.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public License
+ * along with this library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301, USA.
+ *
+ */
+
+#ifndef WTF_RefPtr_h
+#define WTF_RefPtr_h
+
+#include
+#include "AlwaysInline.h"
+
+namespace WTF {
+
+ enum PlacementNewAdoptType { PlacementNewAdopt };
+
+ template class PassRefPtr;
+
+ enum HashTableDeletedValueType { HashTableDeletedValue };
+
+ template class RefPtr {
+ public:
+ RefPtr() : m_ptr(0) { }
+ RefPtr(T* ptr) : m_ptr(ptr) { if (ptr) ptr->ref(); }
+ RefPtr(const RefPtr& o) : m_ptr(o.m_ptr) { if (T* ptr = m_ptr) ptr->ref(); }
+ // see comment in PassRefPtr.h for why this takes const reference
+ template RefPtr(const PassRefPtr&);
+
+ // Special constructor for cases where we overwrite an object in place.
+ RefPtr(PlacementNewAdoptType) { }
+
+ // Hash table deleted values, which are only constructed and never copied or destroyed.
+ RefPtr(HashTableDeletedValueType) : m_ptr(hashTableDeletedValue()) { }
+ bool isHashTableDeletedValue() const { return m_ptr == hashTableDeletedValue(); }
+
+ ~RefPtr() { if (T* ptr = m_ptr) ptr->deref(); }
+
+ template RefPtr(const RefPtr& o) : m_ptr(o.get()) { if (T* ptr = m_ptr) ptr->ref(); }
+
+ T* get() const { return m_ptr; }
+
+ void clear() { if (T* ptr = m_ptr) ptr->deref(); m_ptr = 0; }
+ PassRefPtr release() { PassRefPtr tmp = adoptRef(m_ptr); m_ptr = 0; return tmp; }
+
+ T& operator*() const { return *m_ptr; }
+ ALWAYS_INLINE T* operator->() const { return m_ptr; }
+
+ bool operator!() const { return !m_ptr; }
+
+ // This conversion operator allows implicit conversion to bool but not to other integer types.
+ typedef T* RefPtr::*UnspecifiedBoolType;
+ operator UnspecifiedBoolType() const { return m_ptr ? &RefPtr::m_ptr : 0; }
+
+ RefPtr& operator=(const RefPtr&);
+ RefPtr& operator=(T*);
+ RefPtr& operator=(const PassRefPtr&);
+ template RefPtr& operator=(const RefPtr&);
+ template RefPtr& operator=(const PassRefPtr&);
+
+ void swap(RefPtr&);
+
+ private:
+ static T* hashTableDeletedValue() { return reinterpret_cast(-1); }
+
+ T* m_ptr;
+ };
+
+ template template inline RefPtr::RefPtr(const PassRefPtr& o)
+ : m_ptr(o.releaseRef())
+ {
+ }
+
+ template inline RefPtr& RefPtr::operator=(const RefPtr& o)
+ {
+ T* optr = o.get();
+ if (optr)
+ optr->ref();
+ T* ptr = m_ptr;
+ m_ptr = optr;
+ if (ptr)
+ ptr->deref();
+ return *this;
+ }
+
+ template template inline RefPtr& RefPtr::operator=(const RefPtr& o)
+ {
+ T* optr = o.get();
+ if (optr)
+ optr->ref();
+ T* ptr = m_ptr;
+ m_ptr = optr;
+ if (ptr)
+ ptr->deref();
+ return *this;
+ }
+
+ template inline RefPtr& RefPtr::operator=(T* optr)
+ {
+ if (optr)
+ optr->ref();
+ T* ptr = m_ptr;
+ m_ptr = optr;
+ if (ptr)
+ ptr->deref();
+ return *this;
+ }
+
+ template inline RefPtr& RefPtr::operator=(const PassRefPtr& o)
+ {
+ T* ptr = m_ptr;
+ m_ptr = o.releaseRef();
+ if (ptr)
+ ptr->deref();
+ return *this;
+ }
+
+ template template inline RefPtr& RefPtr::operator=(const PassRefPtr& o)
+ {
+ T* ptr = m_ptr;
+ m_ptr = o.releaseRef();
+ if (ptr)
+ ptr->deref();
+ return *this;
+ }
+
+ template inline void RefPtr::swap(RefPtr& o)
+ {
+ std::swap(m_ptr, o.m_ptr);
+ }
+
+ template inline void swap(RefPtr& a, RefPtr& b)
+ {
+ a.swap(b);
+ }
+
+ template inline bool operator==(const RefPtr& a, const RefPtr& b)
+ {
+ return a.get() == b.get();
+ }
+
+ template inline bool operator==(const RefPtr& a, U* b)
+ {
+ return a.get() == b;
+ }
+
+ template inline bool operator==(T* a, const RefPtr& b)
+ {
+ return a == b.get();
+ }
+
+ template inline bool operator!=(const RefPtr& a, const RefPtr& b)
+ {
+ return a.get() != b.get();
+ }
+
+ template inline bool operator!=(const RefPtr& a, U* b)
+ {
+ return a.get() != b;
+ }
+
+ template inline bool operator!=(T* a, const RefPtr& b)
+ {
+ return a != b.get();
+ }
+
+ template inline RefPtr static_pointer_cast(const RefPtr& p)
+ {
+ return RefPtr(static_cast(p.get()));
+ }
+
+ template inline RefPtr const_pointer_cast(const RefPtr& p)
+ {
+ return RefPtr(const_cast(p.get()));
+ }
+
+ template inline T* getPtr(const RefPtr& p)
+ {
+ return p.get();
+ }
+
+} // namespace WTF
+
+using WTF::RefPtr;
+using WTF::static_pointer_cast;
+using WTF::const_pointer_cast;
+
+#endif // WTF_RefPtr_h
--- kdelibs-3.5.4/khtml/html/htmlparser.cpp.CVE-2009-1690 2006-07-22 10:16:43.000000000 +0200
+++ kdelibs-3.5.4/khtml/html/htmlparser.cpp 2009-06-17 11:51:15.000000000 +0200
@@ -199,7 +199,6 @@
form = 0;
map = 0;
- head = 0;
end = false;
isindex = 0;
@@ -616,8 +615,7 @@
case ID_BASE:
if(!head) {
head = new HTMLHeadElementImpl(document);
- e = head;
- insertNode(e);
+ insertNode(head.get());
handled = true;
}
break;
@@ -839,7 +837,7 @@
case ID_HEAD:
if(!head && current->id() == ID_HTML) {
head = new HTMLHeadElementImpl(document);
- n = head;
+ n = head.get();
}
break;
case ID_BODY:
@@ -1679,12 +1677,12 @@
head = new HTMLHeadElementImpl(document);
HTMLElementImpl *body = doc()->body();
int exceptioncode = 0;
- doc()->firstChild()->insertBefore(head, body, exceptioncode);
+ doc()->firstChild()->insertBefore(head.get(), body, exceptioncode);
if ( exceptioncode ) {
#ifdef PARSER_DEBUG
kdDebug( 6035 ) << "creation of head failed!!!!" << endl;
#endif
- delete head;
+ delete head.get();
head = 0;
}
}
--- kdelibs-3.5.4/khtml/html/Platform.h.CVE-2009-1690 2009-06-17 14:19:07.000000000 +0200
+++ kdelibs-3.5.4/khtml/html/Platform.h 2009-06-17 14:19:07.000000000 +0200
@@ -0,0 +1,218 @@
+/* -*- mode: c++; c-basic-offset: 4 -*- */
+/*
+ * Copyright (C) 2006 Apple Computer, Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE COMPUTER, INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef WTF_Platform_h
+#define WTF_Platform_h
+
+/* Force KDE build here in our tree... */
+#ifndef BUILDING_KDE__
+#define BUILDING_KDE__ 1
+#endif
+
+/* PLATFORM handles OS, operating environment, graphics API, and CPU */
+#define PLATFORM(WTF_FEATURE) (defined( WTF_PLATFORM_##WTF_FEATURE ) && WTF_PLATFORM_##WTF_FEATURE)
+#define COMPILER(WTF_FEATURE) (defined( WTF_COMPILER_##WTF_FEATURE ) && WTF_COMPILER_##WTF_FEATURE)
+#define HAVE(WTF_FEATURE) (defined( HAVE_##WTF_FEATURE ) && HAVE_##WTF_FEATURE)
+#define USE(WTF_FEATURE) (defined( WTF_USE_##WTF_FEATURE ) && WTF_USE_##WTF_FEATURE)
+#define ENABLE(WTF_FEATURE) (defined( ENABLE_##WTF_FEATURE ) && ENABLE_##WTF_FEATURE)
+
+/* Operating systems - low-level dependencies */
+
+/* PLATFORM(DARWIN) */
+/* Operating system level dependencies for Mac OS X / Darwin that should */
+/* be used regardless of operating environment */
+#ifdef __APPLE__
+#define WTF_PLATFORM_DARWIN 1
+#endif
+
+/* PLATFORM(WIN_OS) */
+/* Operating system level dependencies for Windows that should be used */
+/* regardless of operating environment */
+#if defined(WIN32) || defined(_WIN32)
+#define WTF_PLATFORM_WIN_OS 1
+#endif
+
+/* PLATFORM(UNIX) */
+/* Operating system level dependencies for Unix-like systems that */
+/* should be used regardless of operating environment */
+/* (includes PLATFORM(DARWIN)) */
+#if defined(__APPLE__) \
+ || defined(unix) \
+ || defined(__unix) \
+ || defined(__unix__) \
+ || defined (__NetBSD__) \
+ || defined(_AIX)
+#define WTF_PLATFORM_UNIX 1
+#endif
+
+/* PLATFORM(SOLARIS_OS) */
+/* Operating system level dependencies for Sun (Open)Solaris 10. */
+/* Studio 12 on Solaris defines __SunOS; gcc defines __sun__; */
+/* Both compilers define __sun and sun. */
+#if defined(__sun) || defined(sun)
+#define WTF_PLATFORM_SOLARIS_OS 1
+#endif
+
+/* Operating environments */
+
+/* I made the BUILDING_KDE__ macro up for the KDE build system to define */
+
+/* PLATFORM(KDE) */
+/* PLATFORM(MAC) */
+/* PLATFORM(WIN) */
+#if BUILDING_KDE__
+#define WTF_PLATFORM_KDE 1
+#elif PLATFORM(DARWIN)
+#define WTF_PLATFORM_MAC 1
+#elif PLATFORM(WIN_OS)
+#define WTF_PLATFORM_WIN 1
+#endif
+#if defined(BUILDING_GDK__)
+#define WTF_PLATFORM_GDK 1
+#endif
+
+
+/* CPU */
+
+/* PLATFORM(PPC) */
+#if defined(__ppc__) \
+ || defined(__PPC__) \
+ || defined(__powerpc__) \
+ || defined(__powerpc) \
+ || defined(__POWERPC__) \
+ || defined(_M_PPC) \
+ || defined(__PPC)
+#define WTF_PLATFORM_PPC 1
+#define WTF_PLATFORM_BIG_ENDIAN 1
+#endif
+
+/* PLATFORM(PPC64) */
+#if defined(__ppc64__) \
+ || defined(__PPC64__)
+#define WTF_PLATFORM_PPC64 1
+#define WTF_PLATFORM_BIG_ENDIAN 1
+#endif
+
+#if defined(arm)
+#define WTF_PLATFORM_ARM 1
+#if defined(__ARMEB__)
+#define WTF_PLATFORM_BIG_ENDIAN 1
+#elif !defined(__ARM_EABI__) && !defined(__ARMEB__)
+#define WTF_PLATFORM_MIDDLE_ENDIAN 1
+#endif
+#if !defined(__ARM_EABI__)
+#define WTF_PLATFORM_FORCE_PACK 1
+#endif
+#endif
+
+/* PLATFORM(X86) */
+#if defined(__i386__) \
+ || defined(i386) \
+ || defined(_M_IX86) \
+ || defined(_X86_) \
+ || defined(__THW_INTEL)
+#define WTF_PLATFORM_X86 1
+#endif
+
+/* PLATFORM(X86_64) */
+#if defined(__x86_64__) \
+ || defined(__ia64__)
+#define WTF_PLATFORM_X86_64 1
+#endif
+
+/* PLATFORM(SPARC) */
+#if defined(sparc)
+#define WTF_PLATFORM_SPARC 1
+#endif
+
+/* Compiler */
+
+/* COMPILER(CWP) */
+#if defined(__MWERKS__)
+#define WTF_COMPILER_CWP 1
+#endif
+
+/* COMPILER(MSVC) */
+#if defined(_MSC_VER)
+#define WTF_COMPILER_MSVC 1
+#endif
+
+/* COMPILER(GCC) */
+#if defined(__GNUC__)
+#define WTF_COMPILER_GCC 1
+#endif
+
+/* COMPILER(SUNPRO) */
+#if defined(__SUNPRO_CC)
+#define WTF_COMPILER_SUNPRO 1
+#endif
+
+/* COMPILER(BORLAND) */
+/* not really fully supported - is this relevant any more? */
+#if defined(__BORLANDC__)
+#define WTF_COMPILER_BORLAND 1
+#endif
+
+/* COMPILER(CYGWIN) */
+/* not really fully supported - is this relevant any more? */
+#if defined(__CYGWIN__)
+#define WTF_COMPILER_CYGWIN 1
+#endif
+
+/* multiple threads only supported on Mac for now */
+#if PLATFORM(MAC)
+#ifndef WTF_USE_MULTIPLE_THREADS
+#define WTF_USE_MULTIPLE_THREADS 1
+#endif
+#ifndef WTF_USE_BINDINGS
+#define WTF_USE_BINDINGS 1
+#endif
+#endif
+
+/* for Unicode, KDE uses Qt, everything else uses ICU */
+#if PLATFORM(KDE) || PLATFORM(QT)
+#define WTF_USE_QT4_UNICODE 1
+#elif PLATFORM(SYMBIAN)
+#define WTF_USE_SYMBIAN_UNICODE 1
+#else
+#define WTF_USE_ICU_UNICODE 1
+#endif
+
+#if PLATFORM(MAC)
+#define WTF_PLATFORM_CF 1
+#endif
+
+#if PLATFORM(WIN)
+#define WTF_USE_WININET 1
+#endif
+
+#if PLATFORM(GDK)
+#define WTF_USE_CURL 1
+#endif
+
+/* ENABLE macro defaults */
+
+#endif /* WTF_Platform_h */
--- kdelibs-3.5.4/khtml/html/AlwaysInline.h.CVE-2009-1690 2009-06-17 14:18:52.000000000 +0200
+++ kdelibs-3.5.4/khtml/html/AlwaysInline.h 2009-06-17 13:56:36.000000000 +0200
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2005, 2007 Apple Inc. All rights reserved.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public License
+ * along with this library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301, USA.
+ *
+ */
+
+#include "html/Platform.h"
+
+
+#ifndef ALWAYS_INLINE
+#if COMPILER(GCC) && defined(NDEBUG) && __GNUC__ > 3
+#define ALWAYS_INLINE inline __attribute__ ((__always_inline__))
+#elif COMPILER(MSVC) && defined(NDEBUG)
+#define ALWAYS_INLINE __forceinline
+#else
+#define ALWAYS_INLINE inline
+#endif
+#endif
+
+#ifndef ALWAYS_INLINE_INTO
+#if COMPILER(GCC) && defined(NDEBUG) && ((__GNUC__ == 4 && __GNUC_MINOR__ >= 1) || __GNUC__ > 4)
+#define ALWAYS_INLINE_INTO __attribute__ ((__flatten__))
+#else
+#define ALWAYS_INLINE_INTO
+#endif
+#endif
+
+
+#ifndef NEVER_INLINE
+#if COMPILER(GCC) && __GNUC__ > 3
+#define NEVER_INLINE __attribute__ ((__noinline__))
+#else
+#define NEVER_INLINE
+#endif
+#endif
--- kdelibs-3.5.4/khtml/html/htmlparser.h.CVE-2009-1690 2005-10-10 17:06:04.000000000 +0200
+++ kdelibs-3.5.4/khtml/html/htmlparser.h 2009-06-17 14:42:27.000000000 +0200
@@ -38,10 +38,10 @@
#include
#endif
-
#include "dom/dom_string.h"
#include "xml/dom_nodeimpl.h"
#include "html/html_documentimpl.h"
+#include "html/RefPtr.h"
class KHTMLView;
class HTMLStackElem;
@@ -148,7 +148,7 @@
/*
* the head element. Needed for crappy html which defines after
*/
- DOM::HTMLHeadElementImpl *head;
+ RefPtr head;
/*
* a possible element in the head. Compatibility hack for