On 20-Feb-07, at 3:13 AM, Maciej Stachowiak wrote:
> As part of our stabilization effort, SVG has been raised as an area
> of concern. Some of the newer SVG features have been sources of
> crashes, some of which could potentially be security issues (the
> ones that are buffer overruns).
>
> Specifically, here are some of the risks we see from SVG in our
> current state:
>
> * Non-security hole crashes in normal SVG content on the web - may
> affect user perception of quality, but SVG content is not yet very
> common.
>
> * Security holes - potentially exploitable buffer overruns and
> such. These are really bad, because anyone that shipped an engine
> exposing these would be forced to issue high priority security
> updates as they get discovered. SVG content being relatively rare
> will not help.
Have you tried using a static checker for these?
> 2) Additional testing
>
> * Fuzz-test for custom parsers - the biggest security risk is
> buffer overruns in some of the custom parsers, so we'd like to
> develop a fuzz-testing tool for attributes that trigger these, and
> fix resulting crashes.
It's a bit worrisome that we could still have issues like this.
--
George Staikos
KDE Developer http://www.kde.org/
Staikos Computing Services Inc. http://www.staikos.net/
_______________________________________________
webkit-dev mailing list
webkit-dev@lists.webkit.org
http://lists.webkit.org/mailman/listinfo/webkit-dev
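The attribute fuzzer Maciej proposes above, as an added example that is not part of the thread and not WebKit code. It assumes a hypothetical fixed-capacity parser for an SVG "points"-style attribute (MAX_COORDS, parse_points_unsafe, parse_points_safe and the seed string are all constructed for illustration, not taken from WebKit): the unsafe form shows the overrun pattern the mail is worried about, the hardened form refuses input that would exceed the buffer, and a small deterministic mutation fuzzer drives the hardened parser and checks its post-conditions.

```c
/* Added example, not WebKit code: a hypothetical fixed-buffer parser for an
 * SVG "points"-style attribute, its bounds-checked replacement, and a small
 * mutation fuzzer of the kind the thread proposes for attribute parsers. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_COORDS 16   /* hypothetical fixed capacity of the parser's output */

/* Unsafe shape: a fixed array and no check that the attribute carries at
 * most MAX_COORDS numbers, so a long attribute writes past out[].
 * Kept only to show the pattern; the fuzzer below never calls it. */
int parse_points_unsafe(const char *attr, float out[MAX_COORDS]) {
    int n = 0;
    const char *p = attr;
    while (*p) {
        while (*p == ' ' || *p == ',') p++;   /* skip separators */
        if (!*p) break;
        char *end;
        float v = strtof(p, &end);
        if (end == p) return -1;              /* not a number */
        out[n++] = v;                         /* no bound check on n */
        p = end;
    }
    return n;
}

/* Hardened version: the caller passes the capacity, the parser refuses input
 * that would exceed it, and it enforces the x,y pairing the format needs. */
int parse_points_safe(const char *attr, float *out, size_t cap, size_t *count) {
    size_t n = 0;
    const char *p = attr;
    while (*p) {
        while (*p == ' ' || *p == ',') p++;
        if (!*p) break;
        char *end;
        float v = strtof(p, &end);
        if (end == p) return -1;              /* malformed number */
        if (n == cap) return -2;              /* would overflow: reject, don't write */
        out[n++] = v;
        p = end;
    }
    if (n % 2 != 0) return -3;                /* coordinates must come in pairs */
    *count = n;
    return 0;
}

typedef struct {
    unsigned long accepted;        /* parsed without error */
    unsigned long rejected_bound;  /* inputs that would have overflowed the unsafe parser */
    unsigned long rejected_other;  /* malformed numbers or odd coordinate counts */
    unsigned long violations;      /* post-conditions broken; must stay 0 */
} fuzz_stats;

static uint32_t next_rand(uint32_t *s) {      /* xorshift32, deterministic per seed */
    uint32_t x = *s;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return *s = x;
}

/* One random edit: overwrite a byte, insert a byte, duplicate the string
 * (grows it toward the coordinate bound), or truncate it. */
static void mutate(char *buf, size_t cap, uint32_t *rng) {
    static const char alphabet[] = "0123456789.,- +eE";
    size_t len = strlen(buf), at;
    switch (next_rand(rng) % 4) {
    case 0: if (len) buf[next_rand(rng) % len] = alphabet[next_rand(rng) % (sizeof alphabet - 1)]; break;
    case 1: if (len + 1 < cap) { at = next_rand(rng) % (len + 1);
                memmove(buf + at + 1, buf + at, len - at + 1);
                buf[at] = alphabet[next_rand(rng) % (sizeof alphabet - 1)]; } break;
    case 2: if (2 * len + 2 <= cap) { buf[len] = ' '; memcpy(buf + len + 1, buf, len); buf[2 * len + 1] = '\0'; } break;
    default: if (len) buf[next_rand(rng) % len] = '\0'; break;
    }
}

/* Drive the hardened parser with mutated attributes; restart from the seed
 * string every 32 rounds so junk does not accumulate forever. */
fuzz_stats fuzz_points(unsigned long iterations, uint32_t seed) {
    static const char corpus[] = "10,20 30,40 50,60";   /* constructed seed input */
    fuzz_stats st = {0, 0, 0, 0};
    uint32_t rng = seed ? seed : 1;
    char buf[256];
    for (unsigned long i = 0; i < iterations; i++) {
        if (i % 32 == 0) strcpy(buf, corpus);
        mutate(buf, sizeof buf, &rng);
        float out[MAX_COORDS];
        size_t count = 0;
        int rc = parse_points_safe(buf, out, MAX_COORDS, &count);
        if (rc == 0) {
            st.accepted++;
            if (count > MAX_COORDS || count % 2 != 0) st.violations++;
        } else if (rc == -2) {
            st.rejected_bound++;   /* the unsafe parser would have written past out[] here */
        } else {
            st.rejected_other++;
        }
    }
    return st;
}

int main(void) {
    fuzz_stats st = fuzz_points(20000, 12345);
    printf("accepted=%lu bound=%lu other=%lu violations=%lu\n",
           st.accepted, st.rejected_bound, st.rejected_other, st.violations);
    return st.violations == 0 ? 0 : 1;
}
```

The interesting counter is rejected_bound: every input counted there is one that a parser of the unsafe shape would have turned into a stack write past the array, which is exactly the class of crash the mail singles out as a security issue rather than a quality one. Building with -fsanitize=address (or running under a bounds checker) turns the fuzzer's "no violations" into a much stronger statement, since it then also catches over-reads the post-conditions cannot see.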