[webkit-dev] SVG Stabilization
George Staikos
staikos at kde.org
Wed Feb 21 08:12:52 PST 2007
On 20-Feb-07, at 3:13 AM, Maciej Stachowiak wrote:
> As part of our stabilization effort, SVG has been raised as an area
> of concern. Some of the newer SVG features have been sources of
> crashes, some of which could potentially be security issues (the
> ones that are buffer overruns).
>
> Specifically, here are some of the risks we see from SVG in our
> current state:
>
> * Non-security hole crashes in normal SVG content on the web - may
> affect user perception of quality, but SVG content is not yet very
> common.
>
> * Security holes - potentially exploitable buffer overruns and
> such. These are really bad, because anyone that shipped an engine
> exposing these would be forced to issue high priority security
> updates as they get discovered. SVG content being relatively rare
> will not help
Have you tried using a static checker for these?
> 2) Additional testing
> * Fuzz-test for custom parsers - the biggest security risk is
> buffer overruns in some of the custom parsers, so we'd like to
> develop a fuzz-testing tool for attributes that trigger these, and
> fix resulting crashes.
It's a bit worrisome that we could still have issues like this.
--
George Staikos
KDE Developer http://www.kde.org/
Staikos Computing Services Inc. http://www.staikos.net/
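The fuzz-testing tool for attribute parsers that Maciej proposes in the quoted text is worth a worked illustration. The script below is an added example, not code from WebKit or from either poster: a seed-and-mutate generator for malformed SVG attribute values (path data, transform lists, point lists, viewBox, offsets) that writes well-formed SVG documents so the mutated value actually reaches the engine's hand-written attribute parser instead of being rejected by the XML parser. The element/attribute corpus and the mutation set are my own assumptions about what stresses such parsers (fixed-size token buffers, number parsing, end-of-input handling); loading the output in the engine under test and catching crashes is outside this script.

```python
"""Seed-and-mutate fuzzer for SVG attribute values (added example).

Output is deterministic for a given seed so a crashing case can be
regenerated from (seed, index) alone.
"""
import os
import random
from xml.sax.saxutils import quoteattr
import xml.etree.ElementTree as ET

# Constructed seed corpus: one valid value per (element, attribute) whose
# grammar is normally handled by a custom parser rather than the XML parser.
SEEDS = {
    ("path", "d"): "M10 10 L90 90 C20 20,40 20,50 10 Z",
    ("rect", "transform"): "translate(10,20) rotate(45) scale(2)",
    ("polygon", "points"): "0,0 50,0 50,50 0,50",
    ("svg", "viewBox"): "0 0 100 100",
    ("stop", "offset"): "50%",
    ("line", "stroke-dasharray"): "5,3,2",
}

MAX_LEN = 65536  # cap so repeated mutation cannot produce multi-GB cases


def _tokens(value):
    """Split on whitespace and commas; seeds never start with a separator."""
    return value.replace(",", " ").split()


def mut_repeat(value, rng):
    """Repeat the whole value many times: stresses fixed-size token buffers."""
    n = min(rng.choice([64, 1024, 8192]), max(1, MAX_LEN // max(1, len(value))))
    return " ".join([value] * n)


def mut_huge_number(value, rng):
    """Replace one token with an extreme or malformed number."""
    toks = _tokens(value)
    toks[rng.randrange(len(toks))] = rng.choice(
        ["1e308", "-1e308", "9" * 400, "1e-999", ".", "-", "1.2.3", "0x41"])
    return " ".join(toks)


def mut_drop_separators(value, rng):
    """Remove separators so numbers run together ('0 0 100 100' -> '00100100')."""
    return value.replace(" ", "").replace(",", "")


def mut_truncate(value, rng):
    """Cut the value mid-token to probe end-of-input handling."""
    return value if len(value) < 2 else value[: rng.randrange(1, len(value))]


def mut_long_token(value, rng):
    """A single very long token: digit run or command-letter run."""
    return rng.choice(["M", "1", "e", "-"]) * rng.choice([256, 4096, MAX_LEN])


def mut_unbalanced(value, rng):
    """Break transform-style function syntax: unbalanced parens, wrong arity."""
    bad = ["rotate(", "scale()", "translate(1,2,3,4,5)", "matrix(1 0 0 1", ")))((("]
    return rng.choice(bad) + " " + value


MUTATORS = [mut_repeat, mut_huge_number, mut_drop_separators,
            mut_truncate, mut_long_token, mut_unbalanced]


def mutate(value, rng, rounds=2):
    for _ in range(rounds):
        value = rng.choice(MUTATORS)(value, rng)
    return value


def build_svg(tag, attr, value):
    """Wrap one mutated attribute in an otherwise valid SVG document.
    quoteattr keeps the XML well-formed so the value reaches the attribute parser."""
    ns = 'xmlns="http://www.w3.org/2000/svg"'
    if tag == "svg":
        return "<svg %s %s=%s></svg>" % (ns, attr, quoteattr(value))
    return "<svg %s width=\"100\" height=\"100\"><%s %s=%s/></svg>" % (
        ns, tag, attr, quoteattr(value))


def generate_cases(count, seed=0):
    """Return a list of (tag, attr, mutated_value, svg_document) tuples."""
    rng = random.Random(seed)
    cases = []
    for _ in range(count):
        (tag, attr), base = rng.choice(sorted(SEEDS.items()))
        value = mutate(base, rng)
        cases.append((tag, attr, value, build_svg(tag, attr, value)))
    return cases


def is_well_formed(svg):
    """Sanity check: the harness must only ship XML the engine will parse."""
    try:
        ET.fromstring(svg)
        return True
    except ET.ParseError:
        return False


if __name__ == "__main__":
    # Write cases to ./svg-fuzz/; load each in the engine under a debugger.
    os.makedirs("svg-fuzz", exist_ok=True)
    for i, (tag, attr, _, svg) in enumerate(generate_cases(200, seed=1)):
        with open("svg-fuzz/case-%04d-%s-%s.svg" % (i, tag, attr), "w") as f:
            f.write(svg)
```

Each case mutates exactly one attribute, so a crash points straight at the parser for that attribute; the seed and index in the file name are enough to regenerate it.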