git://git.webkit.org / WebKit-https.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0100f47) | patch
2007-03-21 Oliver Hunt <oliver@apple.com>
authoroliver <oliver@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 21 Mar 2007 21:59:06 +0000 (21:59 +0000)
committeroliver <oliver@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 21 Mar 2007 21:59:06 +0000 (21:59 +0000)
commit919fbd51746885d1dbcce06c2e5fb176a990d8fc
treeda3076b86c48f1c0404ff8b9b0a5b1e1c0b0c03ftree | snapshot
parent0100f471d7f6593980dfae40f5aa7621cd1e910fcommit | diff
2007-03-21  Oliver Hunt  <oliver@apple.com>

        Reviewed by Antti.
WebCore:
        Update a few SVG attribute parsers to be more defensive against
        reading beyond the end of input.

        Fixes rdar://problem/5077218 -- SVG transform parser runs past
        end of buffer when running fuzzing test

        * ksvg2/svg/SVGParserUtilities.cpp:
        (WebCore::SVGPathParser::parseSVG):
        * ksvg2/svg/SVGParserUtilities.h:
        (WebCore::skipOptionalSpacesOrDelimiter):
        * ksvg2/svg/SVGTransformable.cpp:
        (WebCore::parseTransformParamList):
        (WebCore::SVGTransformable::parseTransformAttribute):

LayoutTests:
        Fuzz test for SVG transform parser

        * svg/dom/transform-parser-expected.txt: Added.
        * svg/dom/transform-parser.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@20364 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog diff | blob | history
LayoutTests/svg/dom/transform-parser-expected.txt [new file with mode: 0644] blob
LayoutTests/svg/dom/transform-parser.html [new file with mode: 0644] blob
WebCore/ChangeLog diff | blob | history
WebCore/ksvg2/svg/SVGParserUtilities.cpp diff | blob | history
WebCore/ksvg2/svg/SVGParserUtilities.h diff | blob | history
WebCore/ksvg2/svg/SVGTransformable.cpp diff | blob | history
Mirror of the WebKit open source project from svn.webkit.org.