Hi, Attached is a debdiff of the changes I made for 4:3.5.10.dfsg.1-2.1 0-day NMU. Cheers, Giuseppe
diff -u kdelibs-3.5.10.dfsg.1/debian/changelog kdelibs-3.5.10.dfsg.1/debian/changelog --- kdelibs-3.5.10.dfsg.1/debian/changelog +++ kdelibs-3.5.10.dfsg.1/debian/changelog @@ -1,3 +1,29 @@ +kdelibs (4:3.5.10.dfsg.1-2.1) unstable; urgency=high + + * Non-maintainer upload by the testing Security Team. + * Fixed CVE-2009-1687: An integer overflow, leading to heap-based buffer + overflow was found in the KDE implementation of garbage collector for the + JavaScript language (KJS). + * Fixed CVE-2009-1690: KDE HTML parser incorrectly handled content, forming + the HTML page <head> element. A remote attacker could use this flaw to + cause a denial of service (konqueror crash) or, potentially, execute + arbitrary code, with the privileges of the user running "konqueror" web + browser, if the victim was tricked to open a specially-crafted HTML page. + (Closes: #534949) + * Fixed CVE-2009-1698: KDE's Cascading Style Sheets (CSS) parser incorrectly + handled content, forming the value of CSS "style" attribute. A remote + attacker could use this flaw to cause a denial of service (konqueror crash) + or potentially execute arbitrary code with the privileges of the user + running "konqueror" web browser, if the victim visited a specially-crafted + CSS equipped HTML page. (Closes: #534949) + * Fixed CVE-2009-2702: KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not + properly handle a '\0' character in a domain name in the Subject + Alternative Name field of an X.509 certificate, which allows + man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted + certificate issued by a legitimate Certification Authority (Closes: #546212) + + -- Giuseppe Iuculano <iuculano@debian.org> Wed, 14 Oct 2009 09:57:26 +0200 + kdelibs (4:3.5.10.dfsg.1-2) unstable; urgency=low * Add 64_use_sys_inotify.diff patch to fix ftbfs caused by linux/inotify. only in patch2: unchanged: --- kdelibs-3.5.10.dfsg.1.orig/debian/patches/CVE-2009-1698.diff +++ kdelibs-3.5.10.dfsg.1/debian/patches/CVE-2009-1698.diff @@ -0,0 +1,40 @@ +--- a/khtml/css/css_valueimpl.cpp ++++ b/khtml/css/css_valueimpl.cpp +@@ -736,7 +736,9 @@ DOM::DOMString CSSPrimitiveValueImpl::cs + text = getValueName(m_value.ident); + break; + case CSSPrimitiveValue::CSS_ATTR: +- // ### ++ text = "attr("; ++ text += DOMString( m_value.string ); ++ text += ")"; + break; + case CSSPrimitiveValue::CSS_COUNTER: + text = "counter("; +--- a/khtml/css/cssparser.cpp ++++ b/khtml/css/cssparser.cpp +@@ -1344,6 +1344,14 @@ bool CSSParser::parseContent( int propId + if ( args->size() != 1) + return false; + Value *a = args->current(); ++ if (a->unit != CSSPrimitiveValue::CSS_IDENT) { ++ isValid=false; ++ break; ++ } ++ if (qString(a->string)[0] == '-') { ++ isValid=false; ++ break; ++ } + parsedValue = new CSSPrimitiveValueImpl(domString(a->string), CSSPrimitiveValue::CSS_ATTR); + } + else +@@ -1396,7 +1404,8 @@ CSSValueImpl* CSSParser::parseCounterCon + + CounterImpl *counter = new CounterImpl; + Value *i = args->current(); +-// if (i->unit != CSSPrimitiveValue::CSS_IDENT) goto invalid; ++ if (i->unit != CSSPrimitiveValue::CSS_IDENT) goto invalid; ++ if (qString(i->string)[0] == '-') goto invalid; + counter->m_identifier = domString(i->string); + if (counters) { + i = args->next(); only in patch2: unchanged: --- kdelibs-3.5.10.dfsg.1.orig/debian/patches/CVE-2009-2702.diff +++ kdelibs-3.5.10.dfsg.1/debian/patches/CVE-2009-2702.diff @@ -0,0 +1,66 @@ +# +# Description: Fix parsing of Subject Alternate Names in kssl (CVE-2009-2702) +# Patch: https://bugzilla.redhat.com/show_bug.cgi?id=520661 +# +diff -Nur -x '*.orig' -x '*~' kdelibs-3.5.10.dfsg.1/kio/kssl/kopenssl.cc kdelibs-3.5.10.dfsg.1.new/kio/kssl/kopenssl.cc +--- kdelibs-3.5.10.dfsg.1/kio/kssl/kopenssl.cc 2006-07-22 03:16:39.000000000 -0500 ++++ kdelibs-3.5.10.dfsg.1.new/kio/kssl/kopenssl.cc 2009-09-15 14:53:49.052000619 -0500 +@@ -196,6 +196,7 @@ + static X509_NAME *(*K_X509_NAME_new)() = 0L; + static int (*K_X509_REQ_set_subject_name)(X509_REQ*,X509_NAME*) = 0L; + static unsigned char *(*K_ASN1_STRING_data)(ASN1_STRING*) = 0L; ++static int (*K_ASN1_STRING_length)(ASN1_STRING*) = 0L; + static STACK_OF(SSL_CIPHER) *(*K_SSL_get_ciphers)(const SSL *ssl) = 0L; + + #endif +@@ -494,6 +495,7 @@ + K_X509_NAME_new = (X509_NAME *(*)()) _cryptoLib->symbol("X509_NAME_new"); + K_X509_REQ_set_subject_name = (int (*)(X509_REQ*,X509_NAME*)) _cryptoLib->symbol("X509_REQ_set_subject_name"); + K_ASN1_STRING_data = (unsigned char *(*)(ASN1_STRING*)) _cryptoLib->symbol("ASN1_STRING_data"); ++ K_ASN1_STRING_length = (int (*)(ASN1_STRING*)) _cryptoLib->symbol("ASN1_STRING_length"); + #endif + } + +@@ -1545,6 +1547,13 @@ + return 0L; + } + ++ ++int KOpenSSLProxy::ASN1_STRING_length(ASN1_STRING *x) { ++ if (K_ASN1_STRING_length) return (K_ASN1_STRING_length)(x); ++ return 0L; ++} ++ ++ + STACK_OF(SSL_CIPHER) *KOpenSSLProxy::SSL_get_ciphers(const SSL* ssl) { + if (K_SSL_get_ciphers) return (K_SSL_get_ciphers)(ssl); + return 0L; +diff -Nur -x '*.orig' -x '*~' kdelibs-3.5.10.dfsg.1/kio/kssl/kopenssl.h kdelibs-3.5.10.dfsg.1.new/kio/kssl/kopenssl.h +--- kdelibs-3.5.10.dfsg.1/kio/kssl/kopenssl.h 2006-07-22 03:16:39.000000000 -0500 ++++ kdelibs-3.5.10.dfsg.1.new/kio/kssl/kopenssl.h 2009-09-15 14:53:49.052000619 -0500 +@@ -622,6 +622,11 @@ + unsigned char *ASN1_STRING_data(ASN1_STRING *x); + + /* ++ * ASN1_STRING_length ++ */ ++ int ASN1_STRING_length(ASN1_STRING *x); ++ ++ /* + * + */ + int OBJ_obj2nid(ASN1_OBJECT *o); +diff -Nur -x '*.orig' -x '*~' kdelibs-3.5.10.dfsg.1/kio/kssl/ksslcertificate.cc kdelibs-3.5.10.dfsg.1.new/kio/kssl/ksslcertificate.cc +--- kdelibs-3.5.10.dfsg.1/kio/kssl/ksslcertificate.cc 2006-01-19 11:06:12.000000000 -0600 ++++ kdelibs-3.5.10.dfsg.1.new/kio/kssl/ksslcertificate.cc 2009-09-15 14:53:49.059994753 -0500 +@@ -1099,7 +1099,9 @@ + } + + QString s = (const char *)d->kossl->ASN1_STRING_data(val->d.ia5); +- if (!s.isEmpty()) { ++ if (!s.isEmpty() && ++ /* skip subjectAltNames with embedded NULs */ ++ s.length() == d->kossl->ASN1_STRING_length(val->d.ia5)) { + rc += s; + } + } only in patch2: unchanged: --- kdelibs-3.5.10.dfsg.1.orig/debian/patches/CVE-2009-1687.diff +++ kdelibs-3.5.10.dfsg.1/debian/patches/CVE-2009-1687.diff @@ -0,0 +1,20 @@ +--- a/kjs/collector.cpp ++++ b/kjs/collector.cpp +@@ -23,6 +23,7 @@ + + #include "value.h" + #include "internal.h" ++#include <limits.h> + + #ifndef MAX + #define MAX(a,b) ((a) > (b) ? (a) : (b)) +@@ -119,6 +120,9 @@ void* Collector::allocate(size_t s) + // didn't find one, need to allocate a new block + + if (heap.usedBlocks == heap.numBlocks) { ++ static const size_t maxNumBlocks = ULONG_MAX / sizeof(CollectorBlock*) / GROWTH_FACTOR; ++ if (heap.numBlocks > maxNumBlocks) ++ return 0L; + heap.numBlocks = MAX(MIN_ARRAY_SIZE, heap.numBlocks * GROWTH_FACTOR); + heap.blocks = (CollectorBlock **)realloc(heap.blocks, heap.numBlocks * sizeof(CollectorBlock *)); + } only in patch2: unchanged: --- kdelibs-3.5.10.dfsg.1.orig/debian/patches/CVE-2009-1690.diff +++ kdelibs-3.5.10.dfsg.1/debian/patches/CVE-2009-1690.diff @@ -0,0 +1,545 @@ +--- /dev/null ++++ b/khtml/html/AlwaysInline.h +@@ -0,0 +1,49 @@ ++/* ++ * Copyright (C) 2005, 2007 Apple Inc. All rights reserved. ++ * ++ * This library is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU Library General Public ++ * License as published by the Free Software Foundation; either ++ * version 2 of the License, or (at your option) any later version. ++ * ++ * This library is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * Library General Public License for more details. ++ * ++ * You should have received a copy of the GNU Library General Public License ++ * along with this library; see the file COPYING.LIB. If not, write to ++ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, ++ * Boston, MA 02110-1301, USA. ++ * ++ */ ++ ++#include "html/Platform.h" ++ ++ ++#ifndef ALWAYS_INLINE ++#if COMPILER(GCC) && defined(NDEBUG) && __GNUC__ > 3 ++#define ALWAYS_INLINE inline __attribute__ ((__always_inline__)) ++#elif COMPILER(MSVC) && defined(NDEBUG) ++#define ALWAYS_INLINE __forceinline ++#else ++#define ALWAYS_INLINE inline ++#endif ++#endif ++ ++#ifndef ALWAYS_INLINE_INTO ++#if COMPILER(GCC) && defined(NDEBUG) && ((__GNUC__ == 4 && __GNUC_MINOR__ >= 1) || __GNUC__ > 4) ++#define ALWAYS_INLINE_INTO __attribute__ ((__flatten__)) ++#else ++#define ALWAYS_INLINE_INTO ++#endif ++#endif ++ ++ ++#ifndef NEVER_INLINE ++#if COMPILER(GCC) && __GNUC__ > 3 ++#define NEVER_INLINE __attribute__ ((__noinline__)) ++#else ++#define NEVER_INLINE ++#endif ++#endif +--- /dev/null ++++ b/khtml/html/Platform.h +@@ -0,0 +1,218 @@ ++/* -*- mode: c++; c-basic-offset: 4 -*- */ ++/* ++ * Copyright (C) 2006 Apple Computer, Inc. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * ++ * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY ++ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE COMPUTER, INC. OR ++ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, ++ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, ++ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR ++ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY ++ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE ++ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ */ ++ ++#ifndef WTF_Platform_h ++#define WTF_Platform_h ++ ++/* Force KDE build here in our tree... */ ++#ifndef BUILDING_KDE__ ++#define BUILDING_KDE__ 1 ++#endif ++ ++/* PLATFORM handles OS, operating environment, graphics API, and CPU */ ++#define PLATFORM(WTF_FEATURE) (defined( WTF_PLATFORM_##WTF_FEATURE ) && WTF_PLATFORM_##WTF_FEATURE) ++#define COMPILER(WTF_FEATURE) (defined( WTF_COMPILER_##WTF_FEATURE ) && WTF_COMPILER_##WTF_FEATURE) ++#define HAVE(WTF_FEATURE) (defined( HAVE_##WTF_FEATURE ) && HAVE_##WTF_FEATURE) ++#define USE(WTF_FEATURE) (defined( WTF_USE_##WTF_FEATURE ) && WTF_USE_##WTF_FEATURE) ++#define ENABLE(WTF_FEATURE) (defined( ENABLE_##WTF_FEATURE ) && ENABLE_##WTF_FEATURE) ++ ++/* Operating systems - low-level dependencies */ ++ ++/* PLATFORM(DARWIN) */ ++/* Operating system level dependencies for Mac OS X / Darwin that should */ ++/* be used regardless of operating environment */ ++#ifdef __APPLE__ ++#define WTF_PLATFORM_DARWIN 1 ++#endif ++ ++/* PLATFORM(WIN_OS) */ ++/* Operating system level dependencies for Windows that should be used */ ++/* regardless of operating environment */ ++#if defined(WIN32) || defined(_WIN32) ++#define WTF_PLATFORM_WIN_OS 1 ++#endif ++ ++/* PLATFORM(UNIX) */ ++/* Operating system level dependencies for Unix-like systems that */ ++/* should be used regardless of operating environment */ ++/* (includes PLATFORM(DARWIN)) */ ++#if defined(__APPLE__) \ ++ || defined(unix) \ ++ || defined(__unix) \ ++ || defined(__unix__) \ ++ || defined (__NetBSD__) \ ++ || defined(_AIX) ++#define WTF_PLATFORM_UNIX 1 ++#endif ++ ++/* PLATFORM(SOLARIS_OS) */ ++/* Operating system level dependencies for Sun (Open)Solaris 10. */ ++/* Studio 12 on Solaris defines __SunOS; gcc defines __sun__; */ ++/* Both compilers define __sun and sun. */ ++#if defined(__sun) || defined(sun) ++#define WTF_PLATFORM_SOLARIS_OS 1 ++#endif ++ ++/* Operating environments */ ++ ++/* I made the BUILDING_KDE__ macro up for the KDE build system to define */ ++ ++/* PLATFORM(KDE) */ ++/* PLATFORM(MAC) */ ++/* PLATFORM(WIN) */ ++#if BUILDING_KDE__ ++#define WTF_PLATFORM_KDE 1 ++#elif PLATFORM(DARWIN) ++#define WTF_PLATFORM_MAC 1 ++#elif PLATFORM(WIN_OS) ++#define WTF_PLATFORM_WIN 1 ++#endif ++#if defined(BUILDING_GDK__) ++#define WTF_PLATFORM_GDK 1 ++#endif ++ ++ ++/* CPU */ ++ ++/* PLATFORM(PPC) */ ++#if defined(__ppc__) \ ++ || defined(__PPC__) \ ++ || defined(__powerpc__) \ ++ || defined(__powerpc) \ ++ || defined(__POWERPC__) \ ++ || defined(_M_PPC) \ ++ || defined(__PPC) ++#define WTF_PLATFORM_PPC 1 ++#define WTF_PLATFORM_BIG_ENDIAN 1 ++#endif ++ ++/* PLATFORM(PPC64) */ ++#if defined(__ppc64__) \ ++ || defined(__PPC64__) ++#define WTF_PLATFORM_PPC64 1 ++#define WTF_PLATFORM_BIG_ENDIAN 1 ++#endif ++ ++#if defined(arm) ++#define WTF_PLATFORM_ARM 1 ++#if defined(__ARMEB__) ++#define WTF_PLATFORM_BIG_ENDIAN 1 ++#elif !defined(__ARM_EABI__) && !defined(__ARMEB__) ++#define WTF_PLATFORM_MIDDLE_ENDIAN 1 ++#endif ++#if !defined(__ARM_EABI__) ++#define WTF_PLATFORM_FORCE_PACK 1 ++#endif ++#endif ++ ++/* PLATFORM(X86) */ ++#if defined(__i386__) \ ++ || defined(i386) \ ++ || defined(_M_IX86) \ ++ || defined(_X86_) \ ++ || defined(__THW_INTEL) ++#define WTF_PLATFORM_X86 1 ++#endif ++ ++/* PLATFORM(X86_64) */ ++#if defined(__x86_64__) \ ++ || defined(__ia64__) ++#define WTF_PLATFORM_X86_64 1 ++#endif ++ ++/* PLATFORM(SPARC) */ ++#if defined(sparc) ++#define WTF_PLATFORM_SPARC 1 ++#endif ++ ++/* Compiler */ ++ ++/* COMPILER(CWP) */ ++#if defined(__MWERKS__) ++#define WTF_COMPILER_CWP 1 ++#endif ++ ++/* COMPILER(MSVC) */ ++#if defined(_MSC_VER) ++#define WTF_COMPILER_MSVC 1 ++#endif ++ ++/* COMPILER(GCC) */ ++#if defined(__GNUC__) ++#define WTF_COMPILER_GCC 1 ++#endif ++ ++/* COMPILER(SUNPRO) */ ++#if defined(__SUNPRO_CC) ++#define WTF_COMPILER_SUNPRO 1 ++#endif ++ ++/* COMPILER(BORLAND) */ ++/* not really fully supported - is this relevant any more? */ ++#if defined(__BORLANDC__) ++#define WTF_COMPILER_BORLAND 1 ++#endif ++ ++/* COMPILER(CYGWIN) */ ++/* not really fully supported - is this relevant any more? */ ++#if defined(__CYGWIN__) ++#define WTF_COMPILER_CYGWIN 1 ++#endif ++ ++/* multiple threads only supported on Mac for now */ ++#if PLATFORM(MAC) ++#ifndef WTF_USE_MULTIPLE_THREADS ++#define WTF_USE_MULTIPLE_THREADS 1 ++#endif ++#ifndef WTF_USE_BINDINGS ++#define WTF_USE_BINDINGS 1 ++#endif ++#endif ++ ++/* for Unicode, KDE uses Qt, everything else uses ICU */ ++#if PLATFORM(KDE) || PLATFORM(QT) ++#define WTF_USE_QT4_UNICODE 1 ++#elif PLATFORM(SYMBIAN) ++#define WTF_USE_SYMBIAN_UNICODE 1 ++#else ++#define WTF_USE_ICU_UNICODE 1 ++#endif ++ ++#if PLATFORM(MAC) ++#define WTF_PLATFORM_CF 1 ++#endif ++ ++#if PLATFORM(WIN) ++#define WTF_USE_WININET 1 ++#endif ++ ++#if PLATFORM(GDK) ++#define WTF_USE_CURL 1 ++#endif ++ ++/* ENABLE macro defaults */ ++ ++#endif /* WTF_Platform_h */ +--- /dev/null ++++ b/khtml/html/RefPtr.h +@@ -0,0 +1,202 @@ ++// -*- mode: c++; c-basic-offset: 4 -*- ++/* ++ * Copyright (C) 2005, 2006, 2007, 2008 Apple Inc. All rights reserved. ++ * ++ * This library is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU Library General Public ++ * License as published by the Free Software Foundation; either ++ * version 2 of the License, or (at your option) any later version. ++ * ++ * This library is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * Library General Public License for more details. ++ * ++ * You should have received a copy of the GNU Library General Public License ++ * along with this library; see the file COPYING.LIB. If not, write to ++ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, ++ * Boston, MA 02110-1301, USA. ++ * ++ */ ++ ++#ifndef WTF_RefPtr_h ++#define WTF_RefPtr_h ++ ++#include <algorithm> ++#include "AlwaysInline.h" ++ ++namespace WTF { ++ ++ enum PlacementNewAdoptType { PlacementNewAdopt }; ++ ++ template <typename T> class PassRefPtr; ++ ++ enum HashTableDeletedValueType { HashTableDeletedValue }; ++ ++ template <typename T> class RefPtr { ++ public: ++ RefPtr() : m_ptr(0) { } ++ RefPtr(T* ptr) : m_ptr(ptr) { if (ptr) ptr->ref(); } ++ RefPtr(const RefPtr& o) : m_ptr(o.m_ptr) { if (T* ptr = m_ptr) ptr->ref(); } ++ // see comment in PassRefPtr.h for why this takes const reference ++ template <typename U> RefPtr(const PassRefPtr<U>&); ++ ++ // Special constructor for cases where we overwrite an object in place. ++ RefPtr(PlacementNewAdoptType) { } ++ ++ // Hash table deleted values, which are only constructed and never copied or destroyed. ++ RefPtr(HashTableDeletedValueType) : m_ptr(hashTableDeletedValue()) { } ++ bool isHashTableDeletedValue() const { return m_ptr == hashTableDeletedValue(); } ++ ++ ~RefPtr() { if (T* ptr = m_ptr) ptr->deref(); } ++ ++ template <typename U> RefPtr(const RefPtr<U>& o) : m_ptr(o.get()) { if (T* ptr = m_ptr) ptr->ref(); } ++ ++ T* get() const { return m_ptr; } ++ ++ void clear() { if (T* ptr = m_ptr) ptr->deref(); m_ptr = 0; } ++ PassRefPtr<T> release() { PassRefPtr<T> tmp = adoptRef(m_ptr); m_ptr = 0; return tmp; } ++ ++ T& operator*() const { return *m_ptr; } ++ ALWAYS_INLINE T* operator->() const { return m_ptr; } ++ ++ bool operator!() const { return !m_ptr; } ++ ++ // This conversion operator allows implicit conversion to bool but not to other integer types. ++ typedef T* RefPtr::*UnspecifiedBoolType; ++ operator UnspecifiedBoolType() const { return m_ptr ? &RefPtr::m_ptr : 0; } ++ ++ RefPtr& operator=(const RefPtr&); ++ RefPtr& operator=(T*); ++ RefPtr& operator=(const PassRefPtr<T>&); ++ template <typename U> RefPtr& operator=(const RefPtr<U>&); ++ template <typename U> RefPtr& operator=(const PassRefPtr<U>&); ++ ++ void swap(RefPtr&); ++ ++ private: ++ static T* hashTableDeletedValue() { return reinterpret_cast<T*>(-1); } ++ ++ T* m_ptr; ++ }; ++ ++ template <typename T> template <typename U> inline RefPtr<T>::RefPtr(const PassRefPtr<U>& o) ++ : m_ptr(o.releaseRef()) ++ { ++ } ++ ++ template <typename T> inline RefPtr<T>& RefPtr<T>::operator=(const RefPtr<T>& o) ++ { ++ T* optr = o.get(); ++ if (optr) ++ optr->ref(); ++ T* ptr = m_ptr; ++ m_ptr = optr; ++ if (ptr) ++ ptr->deref(); ++ return *this; ++ } ++ ++ template <typename T> template <typename U> inline RefPtr<T>& RefPtr<T>::operator=(const RefPtr<U>& o) ++ { ++ T* optr = o.get(); ++ if (optr) ++ optr->ref(); ++ T* ptr = m_ptr; ++ m_ptr = optr; ++ if (ptr) ++ ptr->deref(); ++ return *this; ++ } ++ ++ template <typename T> inline RefPtr<T>& RefPtr<T>::operator=(T* optr) ++ { ++ if (optr) ++ optr->ref(); ++ T* ptr = m_ptr; ++ m_ptr = optr; ++ if (ptr) ++ ptr->deref(); ++ return *this; ++ } ++ ++ template <typename T> inline RefPtr<T>& RefPtr<T>::operator=(const PassRefPtr<T>& o) ++ { ++ T* ptr = m_ptr; ++ m_ptr = o.releaseRef(); ++ if (ptr) ++ ptr->deref(); ++ return *this; ++ } ++ ++ template <typename T> template <typename U> inline RefPtr<T>& RefPtr<T>::operator=(const PassRefPtr<U>& o) ++ { ++ T* ptr = m_ptr; ++ m_ptr = o.releaseRef(); ++ if (ptr) ++ ptr->deref(); ++ return *this; ++ } ++ ++ template <class T> inline void RefPtr<T>::swap(RefPtr<T>& o) ++ { ++ std::swap(m_ptr, o.m_ptr); ++ } ++ ++ template <class T> inline void swap(RefPtr<T>& a, RefPtr<T>& b) ++ { ++ a.swap(b); ++ } ++ ++ template <typename T, typename U> inline bool operator==(const RefPtr<T>& a, const RefPtr<U>& b) ++ { ++ return a.get() == b.get(); ++ } ++ ++ template <typename T, typename U> inline bool operator==(const RefPtr<T>& a, U* b) ++ { ++ return a.get() == b; ++ } ++ ++ template <typename T, typename U> inline bool operator==(T* a, const RefPtr<U>& b) ++ { ++ return a == b.get(); ++ } ++ ++ template <typename T, typename U> inline bool operator!=(const RefPtr<T>& a, const RefPtr<U>& b) ++ { ++ return a.get() != b.get(); ++ } ++ ++ template <typename T, typename U> inline bool operator!=(const RefPtr<T>& a, U* b) ++ { ++ return a.get() != b; ++ } ++ ++ template <typename T, typename U> inline bool operator!=(T* a, const RefPtr<U>& b) ++ { ++ return a != b.get(); ++ } ++ ++ template <typename T, typename U> inline RefPtr<T> static_pointer_cast(const RefPtr<U>& p) ++ { ++ return RefPtr<T>(static_cast<T*>(p.get())); ++ } ++ ++ template <typename T, typename U> inline RefPtr<T> const_pointer_cast(const RefPtr<U>& p) ++ { ++ return RefPtr<T>(const_cast<T*>(p.get())); ++ } ++ ++ template <typename T> inline T* getPtr(const RefPtr<T>& p) ++ { ++ return p.get(); ++ } ++ ++} // namespace WTF ++ ++using WTF::RefPtr; ++using WTF::static_pointer_cast; ++using WTF::const_pointer_cast; ++ ++#endif // WTF_RefPtr_h +--- a/khtml/html/htmlparser.cpp ++++ b/khtml/html/htmlparser.cpp +@@ -195,7 +195,6 @@ void KHTMLParser::reset() + + form = 0; + map = 0; +- head = 0; + end = false; + isindex = 0; + +@@ -612,8 +611,7 @@ bool KHTMLParser::insertNode(NodeImpl *n + case ID_BASE: + if(!head) { + head = new HTMLHeadElementImpl(document); +- e = head; +- insertNode(e); ++ insertNode(head.get()); + handled = true; + } + break; +@@ -835,7 +833,7 @@ NodeImpl *KHTMLParser::getElement(Token* + case ID_HEAD: + if(!head && current->id() == ID_HTML) { + head = new HTMLHeadElementImpl(document); +- n = head; ++ n = head.get(); + } + break; + case ID_BODY: +@@ -1684,12 +1682,12 @@ void KHTMLParser::createHead() + head = new HTMLHeadElementImpl(document); + HTMLElementImpl *body = doc()->body(); + int exceptioncode = 0; +- doc()->firstChild()->insertBefore(head, body, exceptioncode); ++ doc()->firstChild()->insertBefore(head.get(), body, exceptioncode); + if ( exceptioncode ) { + #ifdef PARSER_DEBUG + kdDebug( 6035 ) << "creation of head failed!!!!" << endl; + #endif +- delete head; ++ delete head.get(); + head = 0; + } + } +--- a/khtml/html/htmlparser.h ++++ b/khtml/html/htmlparser.h +@@ -38,10 +38,10 @@ + #include <qdatetime.h> + #endif + +- + #include "dom/dom_string.h" + #include "xml/dom_nodeimpl.h" + #include "html/html_documentimpl.h" ++#include "html/RefPtr.h" + + class KHTMLView; + class HTMLStackElem; +@@ -148,7 +148,7 @@ private: + /* + * the head element. Needed for crappy html which defines <base> after </head> + */ +- DOM::HTMLHeadElementImpl *head; ++ RefPtr<DOM::HTMLHeadElementImpl> head; + + /* + * a possible <isindex> element in the head. Compatibility hack for
Attachment:
signature.asc
Description: OpenPGP digital signature