[Webkit-unassigned] [Bug 104111] REGRESSION (r129585): Cannot load DATA URI resources within the context of an SVG image
bugzilla-daemon at webkit.org
Sat Mar 29 17:40:37 PDT 2014
https://bugs.webkit.org/show_bug.cgi?id=104111
David Kilzer (:ddkilzer) <ddkilzer at webkit.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ddkilzer at webkit.org,
                   |                            |koivisto at iki.fi,
                   |                            |rniwa at webkit.org
--- Comment #24 from David Kilzer (:ddkilzer) <ddkilzer at webkit.org> 2014-03-29 17:40:53 PST ---
Google fixed this with this bug/commit:
SVG with embedded image doesn't display properly when in <img>
https://code.google.com/p/chromium/issues/detail?id=224317
http://src.chromium.org/viewvc/blink?revision=152093&view=revision
Which then caused this security issue:
Heap-use-after-free in WebCore::StyleResolver::loadPendingImages
https://code.google.com/p/chromium/issues/detail?id=248843
https://src.chromium.org/viewvc/blink?revision=153029&view=revision
Which then caused this security issue:
Heap-use-after-free in WebCore::StyleResolver::loadPendingImages
https://code.google.com/p/chromium/issues/detail?id=256013
http://src.chromium.org/viewvc/blink?revision=153969&view=revision
Which then caused this security issue:
Heap-use-after-free in WebCore::XMLDocumentParser::append
https://code.google.com/p/chromium/issues/detail?id=278908
http://src.chromium.org/viewvc/blink?view=revision&revision=157914
Please be careful if merging this fix from Blink.