Bug 12884

Summary: Test SVG custom parsers
Product: WebKit
Reporter: Maciej Stachowiak <mjs>
Component: SVG
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: mitz
Priority: P1
Keywords: InRadar, SVGHitList
Version: 523.x (Safari 3)
Hardware: Mac
OS: OS X 10.4

Description Maciej Stachowiak 2007-02-24 19:08:23 PST
We should do fuzz-testing of SVG parsers to make sure we've addressed possible overflow bugs. Maybe also more code review. This applies to at least the following parsers:

- paths
- SVGTransformable::parseTransformAttribute
- SVGLengthList::parse
- SVGNumberList::parse
- SVGStringList::parse
- SVGPreserveAspectRatio::parsePreserveAspectRatio
- SVGColor.cpp parseNumberOrPercent
- SVGColor::colorFromRGBColorString
- SVGFitToViewBox::parseViewBox
- SVGLength::setValueAsString
- SVGParserUtilities.cpp parseNumber
- SVGParserUtilities.cpp parseNumberOptionalNumber
- SVGPolyParser::parsePoints
- SVGPathParser::parseSVG
- CSSParser::parseSVGStrokeDasharray
- CSSParser::parseSVGPaint
- CSSParser::parseSVGColor
- CSSParser::parseSVGValue

Parsers that are only relevant to experimental features (so testing them isn't a P1):

- SVGAnimationElement::parseKeyNumbers
- SVGAnimationElement parseValues, parseKeySplines
- SVGAnimationElement::parseBeginOrEndValue
- SVGAnimationElement::parseClockValue
- SVGAnimateMotionElement.cpp parsePoint static function

Comment 1 Maciej Stachowiak 2007-02-24 19:10:38 PST
<rdar://problem/5021699>

Comment 2 Darin Adler 2007-04-11 02:21:36 PDT
Geoff took care of this and closed the Radar bug on 3/21.