[Webkit-unassigned] [Bug 12365] Reproducible crash in WebCore::SVGPreserveAspectRatio::parsePreserveAspectRatio in svg/W3C-SVG-1.1/animate-elem-40-t.svg under guard malloc
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Jan 22 16:05:56 PST 2007
http://bugs.webkit.org/show_bug.cgi?id=12365
------- Comment #6 from macdome at opendarwin.org 2007-01-22 16:05 PDT -------
I think this parser could just be simplified to use checkString calls at the
top level ifs, or at least add a checkChar(currentPtr, end, deferDesc, 0) or
similar. which checks the first char, as well as checks to make sure ptr < end.
Something along those lines to make the parser easier to read/code w/o error.
Also, to answer Darin's question, only the middle if section is required for
the string to be valid. both "defer" and "meet-or-slice" are optional.
--
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list