[webkit-dev] SVG Stabilization

George Staikos staikos at kde.org
Wed Feb 21 08:12:52 PST 2007

On 20-Feb-07, at 3:13 AM, Maciej Stachowiak wrote:

> As part of our stabilization effort, SVG has been raised as an area  
> of concern. Some of the newer SVG features have been sources of  
> crashes, some of which could potentially be security issues (the  
> ones that are buffer overruns).
> Specifically, here are some of the risks we see from SVG in our  
> current state:
> * Non-security hole crashes in normal SVG content on the web - may  
> affect user perception of quality, but SVG content is not yet very  
> common.
> * Security holes - potentially exploitable buffer overruns and  
> such. These are really bad, because anyone that shipped an engine  
> exposing these would be forced to issue high priority security  
> updates as they get discovered. SVG content being relatively rare  
> will not help

    Have you tried using a static checker for these?

> 2) Additional testing
>   * Fuzz-test for custom parsers - the biggest security risk is  
> buffer overruns in some of the custom parsers, so we'd like to  
> develop a fuzz-testing tool for attributes that trigger these, and  
> fix resulting crashes.

    It's a bit worrisome that we could still have issues like this.

George Staikos
KDE Developer				http://www.kde.org/
Staikos Computing Services Inc.		http://www.staikos.net/

More information about the webkit-dev mailing list