[Webkit-unassigned] [Bug 12365] Reproducible crash in WebCore::SVGPreserveAspectRatio::parsePreserveAspectRatio in svg/W3C-SVG-1.1/animate-elem-40-t.svg under guard malloc
bugzilla-daemon at webkit.org
Mon Jan 22 10:05:02 PST 2007
http://bugs.webkit.org/show_bug.cgi?id=12365
------- Comment #3 from darin at apple.com 2007-01-22 10:05 PDT -------
There are some cases in the function that clearly don't check the end of
buffer. Mainly cases where skipOptionalSpaces is called, but its return value
is ignored. However, I can't tell from reading the code which of the letters
are allowed to be combined, so I'm not posting a patch.
The four cases that are currently wrong are
'n' or 'x' after a 'd'
'm' or 's' after a 'd' or 'n' or 'x'
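Added example, not WebKit's code and not part of the comment above: a length-bounded parser for the SVG 1.1 preserveAspectRatio grammar in which every `skipOptionalSpaces` result is acted on, so a truncated buffer fails the parse instead of being read past its end. The helper names and signatures here are assumptions, as is the choice to accept leading and trailing whitespace.

```cpp
#include <cstddef>
#include <cstring>
#include <string>

// Hypothetical helper modelled on the comment's description: skips spaces and
// reports whether any input is left. Callers must act on the result.
static bool skipOptionalSpaces(const char*& p, const char* end) {
    while (p < end && (*p == ' ' || *p == '\t' || *p == '\n' || *p == '\r'))
        ++p;
    return p < end;
}

// Consumes `word` only if all of it fits inside [p, end).
static bool consume(const char*& p, const char* end, const char* word) {
    size_t n = std::strlen(word);
    if (static_cast<size_t>(end - p) < n || std::memcmp(p, word, n) != 0)
        return false;
    p += n;
    return true;
}

static bool consumeAlign(const char*& p, const char* end) {
    if (consume(p, end, "none")) return true;
    static const char* const pos[] = {"Min", "Mid", "Max"};
    for (const char* x : pos)
        for (const char* y : pos)
            if (consume(p, end, (std::string("x") + x + "Y" + y).c_str()))
                return true;
    return false;
}

// True if [s, s+len) matches "[defer] <align> [meet|slice]" (SVG 1.1).
// The buffer need not be NUL-terminated; nothing at or past `end` is read.
bool parsePreserveAspectRatio(const char* s, size_t len) {
    const char *p = s, *end = s + len;
    if (!skipOptionalSpaces(p, end)) return false;      // empty or all spaces
    if (consume(p, end, "defer")) {
        const char* q = p;
        if (!skipOptionalSpaces(p, end) || p == q) return false;
    }
    if (!consumeAlign(p, end)) return false;
    const char* q = p;
    if (!skipOptionalSpaces(p, end)) return true;       // ended after <align>
    if (p == q) return false;                           // no separator
    if (!consume(p, end, "meet") && !consume(p, end, "slice")) return false;
    return !skipOptionalSpaces(p, end);                 // only spaces may follow
}

int main() { return parsePreserveAspectRatio("xMidYMid meet", 13) ? 0 : 1; }
```

Running this under a guard allocator or AddressSanitizer with exact-length heap buffers is a quick way to confirm that no truncation point triggers an out-of-bounds read.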