    2010-11-29 W. James MacLean <wjmaclean@chromium.org> · 4795944c
    inferno@chromium.org authored
           Reviewed by Dirk Schulze.
    
           Large input numbers cause overflow during SVG parsing, leading to crash
           https://bugs.webkit.org/show_bug.cgi?id=49546
    
           Values outside the range supported by float lead to Infinity() or NaN()
           during parsing, leading to subsequent crashes. Modified
           parser to verify number is in the supported range, and return false if not.
    
           Tests: svg/custom/svg-parse-overflow-1.html
                  svg/custom/svg-parse-overflow-2.html
                  svg/custom/svg-parse-overflow-3.html
                  svg/custom/svg-parse-overflow-4.html
                  svg/custom/svg-parse-overflow-5.html
    
           * svg/SVGParserUtilities.cpp:
           (WebCore::isValidRange):
           (WebCore::genericParseNumber):
    2010-11-29  W. James MacLean  <wjmaclean@chromium.org>
    
            Reviewed by Dirk Schulze.
    
            Large input numbers cause overflow during SVG parsing, leading to crash
            https://bugs.webkit.org/show_bug.cgi?id=49546
    
            Values outside the range supported by float lead to Infinity() or NaN()
            during parsing, leading to subsequent crashes. Modified
            parser to verify number is in the supported range, and return false if not.
    
            * platform/chromium-linux/svg/custom/svg-parse-overflow-1-expected.checksum: Added.
            * platform/chromium-linux/svg/custom/svg-parse-overflow-1-expected.png: Added.
            * platform/chromium-linux/svg/custom/svg-parse-overflow-1-expected.txt: Added.
            * platform/chromium-linux/svg/custom/svg-parse-overflow-2-expected.checksum: Added.
            * platform/chromium-linux/svg/custom/svg-parse-overflow-2-expected.png: Added.
            * platform/chromium-linux/svg/custom/svg-parse-overflow-2-expected.txt: Added.
            * platform/chromium-linux/svg/custom/svg-parse-overflow-3-expected.checksum: Added.
            * platform/chromium-linux/svg/custom/svg-parse-overflow-3-expected.png: Added.
            * platform/chromium-linux/svg/custom/svg-parse-overflow-3-expected.txt: Added.
            * platform/chromium-linux/svg/custom/svg-parse-overflow-4-expected.checksum: Added.
            * platform/chromium-linux/svg/custom/svg-parse-overflow-4-expected.png: Added.
            * platform/chromium-linux/svg/custom/svg-parse-overflow-4-expected.txt: Added.
            * platform/chromium-linux/svg/custom/svg-parse-overflow-5-expected.checksum: Added.
            * platform/chromium-linux/svg/custom/svg-parse-overflow-5-expected.png: Added.
            * platform/chromium-linux/svg/custom/svg-parse-overflow-5-expected.txt: Added.
            * platform/chromium/test_expectations.txt:
            * platform/mac/svg/custom/svg-parse-overflow-1-expected.checksum: Added.
            * platform/mac/svg/custom/svg-parse-overflow-1-expected.png: Added.
            * platform/mac/svg/custom/svg-parse-overflow-1-expected.txt: Added.
            * platform/mac/svg/custom/svg-parse-overflow-2-expected.checksum: Added.
            * platform/mac/svg/custom/svg-parse-overflow-2-expected.png: Added.
            * platform/mac/svg/custom/svg-parse-overflow-2-expected.txt: Added.
            * platform/mac/svg/custom/svg-parse-overflow-3-expected.checksum: Added.
            * platform/mac/svg/custom/svg-parse-overflow-3-expected.png: Added.
            * platform/mac/svg/custom/svg-parse-overflow-3-expected.txt: Added.
            * platform/mac/svg/custom/svg-parse-overflow-4-expected.checksum: Added.
            * platform/mac/svg/custom/svg-parse-overflow-4-expected.png: Added.
            * platform/mac/svg/custom/svg-parse-overflow-4-expected.txt: Added.
            * platform/mac/svg/custom/svg-parse-overflow-5-expected.checksum: Added.
            * platform/mac/svg/custom/svg-parse-overflow-5-expected.png: Added.
            * platform/mac/svg/custom/svg-parse-overflow-5-expected.txt: Added.
            * platform/mac/test_expectations.txt:
            * svg/custom/svg-parse-overflow-1.html: Added.
            * svg/custom/svg-parse-overflow-2.html: Added.
            * svg/custom/svg-parse-overflow-3.html: Added.
            * svg/custom/svg-parse-overflow-4.html: Added.
            * svg/custom/svg-parse-overflow-5.html: Added.
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@72802 268f45cc-cd09-0410-ab3c-d52691b4dbfc
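
The range check described in the commit message above, as an added C++ example; it is not WebKit's SVGParserUtilities.cpp code. The names `parseNumber` and `isFiniteFloat` and the whole-string grammar are assumptions made for illustration.

```cpp
#include <cmath>
#include <limits>
#include <string>

// True only for finite values: +/-Infinity lie outside [-max, max] and NaN fails both comparisons.
static bool isFiniteFloat(float x)
{
    const float max = std::numeric_limits<float>::max();
    return x >= -max && x <= max;
}

static bool isDigit(char c) { return c >= '0' && c <= '9'; }

// Parses [sign] digits [. digits] [(e|E) [sign] digits]; the whole string must be consumed.
// checkRange = false keeps the unchecked behaviour for comparison (hypothetical switch).
static bool parseNumber(const std::string& s, float& out, bool checkRange = true)
{
    size_t i = 0, digits = 0;
    float sign = 1, integer = 0, decimal = 0, frac = 1, expSign = 1, exponent = 0;
    if (i < s.size() && (s[i] == '+' || s[i] == '-'))
        sign = s[i++] == '-' ? -1.0f : 1.0f;
    for (; i < s.size() && isDigit(s[i]); ++i, ++digits)
        integer = integer * 10 + (s[i] - '0'); // overflows to +Infinity after about 39 digits
    if (i < s.size() && s[i] == '.') {
        for (++i; i < s.size() && isDigit(s[i]); ++i, ++digits) {
            frac *= 0.1f;
            decimal += (s[i] - '0') * frac;
        }
    }
    if (!digits)
        return false;
    if (i < s.size() && (s[i] == 'e' || s[i] == 'E')) {
        ++i;
        if (i < s.size() && (s[i] == '+' || s[i] == '-'))
            expSign = s[i++] == '-' ? -1.0f : 1.0f;
        size_t expDigits = 0;
        for (; i < s.size() && isDigit(s[i]); ++i, ++expDigits)
            exponent = exponent * 10 + (s[i] - '0'); // float accumulator: no integer overflow
        if (!expDigits)
            return false;
    }
    if (i != s.size())
        return false;
    float value = sign * (integer + decimal);
    if (exponent)
        value *= std::pow(10.0f, expSign * exponent); // 10^9999 is +Infinity; 0 * Infinity is NaN
    if (checkRange && !isFiniteFloat(value))
        return false; // reject instead of handing Infinity or NaN to the caller
    out = value;
    return true;
}
```

The check is conservative: a very long digit string is rejected even when a negative exponent would bring the mathematical value back into range.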