Closed Bug 282194 Opened 20 years ago Closed 20 years ago

Add null checks to methods that take SVG objects as arguments

Categories

(Core :: SVG, defect)

Product:
Core
Component:
SVG
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: jwatt, Assigned: jwatt)

Details

(Keywords: crash)

Attachments

(1 file, 1 obsolete file)

patch all potential crashers
33.93 KB, patch
tor
: review+
Details | Diff | Splinter Review
We should check that the argument passed to SetOrientToAuto isn't null. This will happen if the JavaScript values null or undefined are passed in from a script allowing malicious person's to crash us.
Attached patch patch (obsolete) — Splinter Review
Assignee: general → jonathan.watt
Status: NEW → ASSIGNED
Attachment #174276 - Flags: review?(tor)
Keywords: crash
Attachment #174276 - Attachment is obsolete: true
Attachment #174276 - Flags: review?(tor)
Changing subject. There are several other places in the SVG DOM code where we need to do this, and we should do them all at once.
Summary: null check in nsSVGMarkerElement::SetOrientToAuto → Add null checks to methods that take SVG objects as arguments
In some locations the spec says we should return SVG_WRONG_TYPE_ERR when the SVG object passed into a function is of the "wrong type". The spec doesn't tell us how to behave when that happens for the following functions, but I believe this is an mistake, and we should return the same value. That's what I've done in this patch. I've also added comments to unimplemented functions to remind the future implementer to null check. SVGLocatable:getTransformToElement (in nsSVGGraphicElement.cpp and nsSVGSVGElement.cpp) http://w3.org/TR/SVG11/types.html#InterfaceSVGLocatable SVGMatrix:multiply http://w3.org/TR/SVG11/coords.html#InterfaceSVGMatrix SVGPoint:matrixTransform http://w3.org/TR/SVG11/coords.html#InterfaceSVGPoint SVGSVGElement:getIntersectionList SVGSVGElement:getEnclosureList SVGSVGElement:checkIntersection SVGSVGElement:checkEnclosure SVGSVGElement:createSVGTransformFromMatrix http://w3.org/TR/SVG11/struct.html#InterfaceSVGSVGElement SVGTransform:setMatrix http://w3.org/TR/SVG11/coords.html#InterfaceSVGTransform SVGTextContentElement:getCharNumAtPosition (in nsSVGTSpanElement.cpp and nsSVGTextElement.cpp) http://w3.org/TR/SVG11/text.html#InterfaceSVGTextContentElement SVGMarkerElement:setOrientToAngle http://w3.org/TR/SVG11/painting.html#InterfaceSVGMarkerElement
Attachment #174372 - Flags: review?(tor)
Comment on attachment 174372 [details] [diff] [review] patch all potential crashers You should mail the SVG WG asking for an errata.
Attachment #174372 - Flags: review?(tor) → review+
Checked in. http://bonsai.mozilla.org/cvsquery.cgi?who=jwatt%25jwatt.org&date=explicit&mindate=2005-02-16+10%3A39&maxdate=2005-02-16+10%3A39
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: