Timing attack on SVG feComposite filter circumvents same-origin policy
author said@apple.com <said@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 8 Apr 2016 20:07:51 +0000 (20:07 +0000)
committer said@apple.com <said@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 8 Apr 2016 20:07:51 +0000 (20:07 +0000)
commit 246677ea1e80ff1c56a2b4093747deb33794c6fc
tree 322164382ef832a1c41af45267857362f9e0ccf0
parent 9f473382bf3d1539c581209dec586ce43a477d96
Timing attack on SVG feComposite filter circumvents same-origin policy
https://bugs.webkit.org/show_bug.cgi?id=154338

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2016-04-08
Reviewed by Oliver Hunt.

Ensure the FEComposite arithmetic filter clamps the resulting color
components in constant time.

* platform/graphics/filters/FEComposite.cpp:
(WebCore::clampByte):
(WebCore::computeArithmeticPixels):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199243 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/WebCore/ChangeLog
Source/WebCore/platform/graphics/filters/FEComposite.cpp
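
An illustration of the property the commit message describes, added here and not taken from FEComposite.cpp or the WebKit project: a value-dependent clamp to [0, 255] beside a branchless one that does the same work for every input. The function names and the checked range are assumptions made for this example.

```cpp
#include <cstdint>
#include <cstdio>

// Value-dependent clamp: which branch runs depends on the pixel value, so
// timing can differ between in-range and out-of-range results.
static uint8_t clamp_byte_branchy(int32_t c)
{
    if (c < 0)
        return 0;
    if (c > 255)
        return 255;
    return static_cast<uint8_t>(c);
}

// Branchless clamp: the same arithmetic runs for every input value.
static uint8_t clamp_byte_branchless(int32_t c)
{
    uint32_t u = static_cast<uint32_t>(c);
    // All ones when c < 0 (sign bit broadcast), otherwise zero.
    uint32_t neg_mask = 0u - (u >> 31);
    // All ones when c > 255: 255 - c then has its sign bit set.
    // (Also set for some negative c; neg_mask overrides that below.)
    uint32_t over_mask = 0u - ((255u - u) >> 31);
    // Saturate to 255 when over, then force 0 when negative.
    return static_cast<uint8_t>((u | over_mask) & ~neg_mask & 0xFFu);
}

// Counts inputs in [lo, hi] where the two clamps disagree (expected: none).
static long count_mismatches(int32_t lo, int32_t hi)
{
    long mismatches = 0;
    for (int64_t c = lo; c <= hi; ++c) {
        int32_t v = static_cast<int32_t>(c);
        if (clamp_byte_branchy(v) != clamp_byte_branchless(v))
            ++mismatches;
    }
    return mismatches;
}

int main()
{
    // Constructed sample values around both clamp boundaries.
    const int32_t samples[] = { -300, -1, 0, 128, 255, 256, 100000 };
    for (int32_t s : samples)
        std::printf("%d -> %u\n", s, static_cast<unsigned>(clamp_byte_branchless(s)));
    std::printf("mismatches: %ld\n", count_mismatches(-70000, 70000));
    return 0;
}
```

Compilers can turn either form into the other, so a constant-time claim should be confirmed against the generated assembly for the target build.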