[Webkit-unassigned] [Bug 34566] Security: WebCore::FEMorphology::apply memmove ReadAV at NULL (ec3ed2d76f7904e1c4df8ea3b1dd07e6)
bugzilla-daemon at webkit.org
Fri Mar 19 16:01:08 PDT 2010
https://bugs.webkit.org/show_bug.cgi?id=34566
--- Comment #5 from Justin Schuh <jschuh at chromium.org> 2010-03-19 16:01:07 PST ---
(In reply to comment #4)
> (From update of attachment 51073 [details])
> What happens if you throw very large radiuses at this filter? Can you add
> large radius tests as well? say 2^8, 2^16, 2^24, etc (and possibly 2^8-1, etc
> as well)
I can add test conditions for integer boundaries. However, the math is all
32-bit ints, so the INT_MIN/INT_MAX boundaries are the only ones that make
sense.

There is one other potential trouble spot I noticed in FEMorphology::apply()
while following in the debugger. It's possible to saturate radiusX and radiusY
when converting to int, which produces the value INT_MIN. It won't actually
trigger any security issues, but future changes could cause problems. So, I'm
adding a range check there as well.
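
The range check discussed in comment #5, sketched as an added example; this is not part of the original message and not WebKit's code. The helper names radius_to_int and window_bounds are hypothetical, the sample radii are constructed, and a 32-bit int is assumed.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical helper (not WebKit code): convert a filter radius to int.
 * An out-of-range float-to-int cast is undefined behaviour in C; on x86 the
 * conversion instruction yields 0x80000000 (INT_MIN), so check first. */
static bool radius_to_int(float r, int *out)
{
    /* !(r >= 0) also rejects NaN. (float)INT_MAX rounds up to 2^31, so
     * compare against 2^31 itself (assumes 32-bit int). */
    if (!(r >= 0.0f) || r >= 2147483648.0f)
        return false;
    *out = (int)r;
    return true;
}

/* Hypothetical helper: inclusive window [lo, hi] around x, clipped to
 * [0, width-1], without evaluating x + radius (which can overflow). */
static bool window_bounds(int x, int radius, int width, int *lo, int *hi)
{
    if (width <= 0 || x < 0 || x >= width || radius < 0)
        return false;
    *lo = (radius > x) ? 0 : x - radius;
    *hi = (radius > width - 1 - x) ? width - 1 : x + radius;
    return true;
}

int main(void)
{
    /* Constructed sample radii, including the integer boundaries. */
    const float samples[] = { 3.7f, 255.0f, 65536.0f, 2147483520.0f,
                              2147483648.0f, 1e30f, -1.0f };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int r, lo, hi;
        if (!radius_to_int(samples[i], &r)) {
            printf("%g: rejected\n", samples[i]);
            continue;
        }
        window_bounds(10, r, 100, &lo, &hi);
        printf("%g: radius=%d window=[%d,%d]\n", samples[i], r, lo, hi);
    }
    return 0;
}
```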