-
inferno@chromium.org authored
Reviewed by Dirk Schulze. Large input numbers cause overflow during SVG parsing, leading to crash https://bugs.webkit.org/show_bug.cgi?id=49546 Values outside the range supported by float lead to Infinity() or NaN() during parsing, leading to subsequent crashes. Modified parser to verify number is in the supported range, and return false if not. Tests: svg/custom/svg-parse-overflow-1.html svg/custom/svg-parse-overflow-2.html svg/custom/svg-parse-overflow-3.html svg/custom/svg-parse-overflow-4.html svg/custom/svg-parse-overflow-5.html * svg/SVGParserUtilities.cpp: (WebCore::isValidRange): (WebCore::genericParseNumber): 2010-11-29 W. James MacLean <wjmaclean@chromium.org> Reviewed by Dirk Schulze. Large input numbers cause overflow during SVG parsing, leading to crash https://bugs.webkit.org/show_bug.cgi?id=49546 Values outside the range supported by float lead to Infinity() or NaN() during parsing, leading to subsequent crashes. Modified parser to verify number is in the supported range, and return false if not. * platform/chromium-linux/svg/custom/svg-parse-overflow-1-expected.checksum: Added. * platform/chromium-linux/svg/custom/svg-parse-overflow-1-expected.png: Added. * platform/chromium-linux/svg/custom/svg-parse-overflow-1-expected.txt: Added. * platform/chromium-linux/svg/custom/svg-parse-overflow-2-expected.checksum: Added. * platform/chromium-linux/svg/custom/svg-parse-overflow-2-expected.png: Added. * platform/chromium-linux/svg/custom/svg-parse-overflow-2-expected.txt: Added. * platform/chromium-linux/svg/custom/svg-parse-overflow-3-expected.checksum: Added. * platform/chromium-linux/svg/custom/svg-parse-overflow-3-expected.png: Added. * platform/chromium-linux/svg/custom/svg-parse-overflow-3-expected.txt: Added. * platform/chromium-linux/svg/custom/svg-parse-overflow-4-expected.checksum: Added. * platform/chromium-linux/svg/custom/svg-parse-overflow-4-expected.png: Added. * platform/chromium-linux/svg/custom/svg-parse-overflow-4-expected.txt: Added. * platform/chromium-linux/svg/custom/svg-parse-overflow-5-expected.checksum: Added. * platform/chromium-linux/svg/custom/svg-parse-overflow-5-expected.png: Added. * platform/chromium-linux/svg/custom/svg-parse-overflow-5-expected.txt: Added. * platform/chromium/test_expectations.txt: * platform/mac/svg/custom/svg-parse-overflow-1-expected.checksum: Added. * platform/mac/svg/custom/svg-parse-overflow-1-expected.png: Added. * platform/mac/svg/custom/svg-parse-overflow-1-expected.txt: Added. * platform/mac/svg/custom/svg-parse-overflow-2-expected.checksum: Added. * platform/mac/svg/custom/svg-parse-overflow-2-expected.png: Added. * platform/mac/svg/custom/svg-parse-overflow-2-expected.txt: Added. * platform/mac/svg/custom/svg-parse-overflow-3-expected.checksum: Added. * platform/mac/svg/custom/svg-parse-overflow-3-expected.png: Added. * platform/mac/svg/custom/svg-parse-overflow-3-expected.txt: Added. * platform/mac/svg/custom/svg-parse-overflow-4-expected.checksum: Added. * platform/mac/svg/custom/svg-parse-overflow-4-expected.png: Added. * platform/mac/svg/custom/svg-parse-overflow-4-expected.txt: Added. * platform/mac/svg/custom/svg-parse-overflow-5-expected.checksum: Added. * platform/mac/svg/custom/svg-parse-overflow-5-expected.png: Added. * platform/mac/svg/custom/svg-parse-overflow-5-expected.txt: Added. * platform/mac/test_expectations.txt: * svg/custom/svg-parse-overflow-1.html: Added. * svg/custom/svg-parse-overflow-2.html: Added. * svg/custom/svg-parse-overflow-3.html: Added. * svg/custom/svg-parse-overflow-4.html: Added. * svg/custom/svg-parse-overflow-5.html: Added. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@72802 268f45cc-cd09-0410-ab3c-d52691b4dbfc
4795944c