Bug 12884
| Summary: | Test SVG custom parsers | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Maciej Stachowiak <mjs> |
| Component: | SVG | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED FIXED | ||
| Severity: | Normal | CC: | mitz |
| Priority: | P1 | Keywords: | InRadar, SVGHitList |
| Version: | 523.x (Safari 3) | ||
| Hardware: | Mac | ||
| OS: | OS X 10.4 | ||
Maciej Stachowiak
We should do fuzz-testing of SVG parsers to make sure we've addressed possible overflow bugs. Maybe also more code review. This applies to at least the following parsers:
- paths
- SVGTransformable::parseTransformAttribute
- SVGLengthList::parse
- SVGNumberList::parse
- SVGStringList::parse
- SVGPreserveAspectRatio::parsePreserveAspectRatio
- SVGColor.cpp parseNumberOrPercent
- SVGColor::colorFromRGBColorString
- SVGFitToViewBox::parseViewBox
- SVGLength::setValueAsString
- SVGParserUtilities.cpp parseNumber
- SVGParserUtilities.cpp parseNumberOptionalNumber
- SVGPolyParser::parsePoints
- SVGPathParser::parseSVG
- CSSParser::parseSVGStrokeDasharray
- CSSParser::parseSVGPaint
- CSSParser::parseSVGColor
- CSSParser::parseSVGValue
Parsers that are only relevant to experimental features (so testing them isn't a P1):
- SVGAnimationElement::parseKeyNumbers
- SVGAnimationElement parseValues, parseKeySplines
- SVGAnimationElement::parseBeginOrEndValue
- SVGAnimationElement::parseClockValue
- SVGAnimateMotionElement.cpp parsePoint static function
Maciej Stachowiak
<rdar://problem/5021699>
Darin Adler
Geoff took care of this and closed the Radar bug on 3/21.