From d6e9997619fb6bfe082360f1702d6d29250dc3ce Mon Sep 17 00:00:00 2001
From: Benjamin Otte <otte@redhat.com>
Date: Wed, 30 Jul 2014 18:45:15 +0200
Subject: [PATCH] css: Fail animation shorthand parsing properly

When a number is not a nubmer, don't just crash, exit properly with an
error code.

See attached testcase for an example.
---
 gtk/gtkcssshorthandpropertyimpl.c                 | 3 +++
 testsuite/css/parser/Makefile.am                  | 3 +++
 testsuite/css/parser/animation-crash-3.12.css     | 3 +++
 testsuite/css/parser/animation-crash-3.12.errors  | 1 +
 testsuite/css/parser/animation-crash-3.12.ref.css | 0
 5 files changed, 10 insertions(+)
 create mode 100644 testsuite/css/parser/animation-crash-3.12.css
 create mode 100644 testsuite/css/parser/animation-crash-3.12.errors
 create mode 100644 testsuite/css/parser/animation-crash-3.12.ref.css

diff --git a/gtk/gtkcssshorthandpropertyimpl.c b/gtk/gtkcssshorthandpropertyimpl.c
index c81e2c4703..647787880c 100644
--- a/gtk/gtkcssshorthandpropertyimpl.c
+++ b/gtk/gtkcssshorthandpropertyimpl.c
@@ -722,6 +722,9 @@ parse_one_animation (GtkCssShorthandProperty  *shorthand,
                                                GTK_CSS_POSITIVE_ONLY
                                                | (values[1] == NULL ? GTK_CSS_PARSE_NUMBER : 0)
                                                | (values[3] == NULL ? GTK_CSS_PARSE_TIME : 0));
+          if (value == NULL)
+            return FALSE;
+
           if (_gtk_css_number_value_get_unit (value) == GTK_CSS_NUMBER)
             values[1] = value;
           else if (values[2] == NULL)
diff --git a/testsuite/css/parser/Makefile.am b/testsuite/css/parser/Makefile.am
index f44f7757dc..4c35afeecf 100644
--- a/testsuite/css/parser/Makefile.am
+++ b/testsuite/css/parser/Makefile.am
@@ -30,6 +30,9 @@ clean-local:
 	rm $(builddir)/*.out.css || true
 
 test_data = \
+	animation-crash-3.12.css \
+	animation-crash-3.12.errors \
+	animation-crash-3.12.ref.css \
 	animation-shorthand-crash.css \
 	animation-shorthand-crash.ref.css \
 	at-invalid-01.css \
diff --git a/testsuite/css/parser/animation-crash-3.12.css b/testsuite/css/parser/animation-crash-3.12.css
new file mode 100644
index 0000000000..c9f4506eec
--- /dev/null
+++ b/testsuite/css/parser/animation-crash-3.12.css
@@ -0,0 +1,3 @@
+* {
+  animation: 2gra;
+}
diff --git a/testsuite/css/parser/animation-crash-3.12.errors b/testsuite/css/parser/animation-crash-3.12.errors
new file mode 100644
index 0000000000..8c9ecc4c9c
--- /dev/null
+++ b/testsuite/css/parser/animation-crash-3.12.errors
@@ -0,0 +1 @@
+animation-crash-3.12.css:2: error: GTK_CSS_PROVIDER_ERROR_SYNTAX
diff --git a/testsuite/css/parser/animation-crash-3.12.ref.css b/testsuite/css/parser/animation-crash-3.12.ref.css
new file mode 100644
index 0000000000..e69de29bb2
-- 
2.30.2