From: Vadim Zeitlin <vadim@wxwidgets.org>
Date: Sat, 16 Jul 2005 22:38:46 +0000 (+0000)
Subject: fixed a rare crash due to malformed HTML
X-Git-Url: https://git.saurik.com/wxWidgets.git/commitdiff_plain/10b9be3230a400b02df9d5c9d9e1986570ecb5b5?ds=sidebyside;hp=99f0dc688742156982e526639d17df4cb9003588

fixed a rare crash due to malformed HTML


git-svn-id: https://svn.wxwidgets.org/svn/wx/wxWidgets/trunk@34870 c3d73ce0-8a6f-49c7-b76d-6d57e0e08775
---

diff --git a/docs/changes.txt b/docs/changes.txt
index fa82b4feaf..68b8f1f0af 100644
--- a/docs/changes.txt
+++ b/docs/changes.txt
@@ -14,6 +14,7 @@ All (GUI):
 
 - Added wxXmlResource::Unload()
 - Possibility of modeless wxWizard dialog (with presentation in sample).
+- Fixed a rare crash due to malformed HTML in wxHTML (Xavier Nodet)
 
 wxMSW:
 
diff --git a/src/html/htmltag.cpp b/src/html/htmltag.cpp
index f5e93ffa03..0149450543 100644
--- a/src/html/htmltag.cpp
+++ b/src/html/htmltag.cpp
@@ -194,6 +194,16 @@ void wxHtmlTagsCache::QueryTag(int at, int* end1, int* end2)
         int delta = (at < m_Cache[m_CachePos].Key) ? -1 : 1;
         do
         {
+            if ( m_CachePos < 0 || m_CachePos == m_CacheSize )
+            {
+                // something is very wrong with HTML, give up by returning an
+                // impossibly large value which is going to be ignored by the
+                // caller
+                *end1 =
+                *end2 = INT_MAX;
+                return;
+            }
+
             m_CachePos += delta;
         }
         while (m_Cache[m_CachePos].Key != at);