Closed Bug 282194 Opened 20 years ago Closed 20 years ago

Add null checks to methods that take SVG objects as arguments

Categories

(Core :: SVG, defect)

defect
Not set
critical

RESOLVED FIXED

People

(Reporter: jwatt, Assigned: jwatt)

Details

(Keywords: crash)

Attachments

(1 file, 1 obsolete file)

We should check that the argument passed to SetOrientToAuto isn't null. This
will happen if the JavaScript values null or undefined are passed in from a
script, allowing malicious persons to crash us.
Attached patch patch (obsolete) — Splinter Review
Assignee: general → jonathan.watt
Status: NEW → ASSIGNED
Attachment #174276 - Flags: review?(tor)
Keywords: crash
Attachment #174276 - Attachment is obsolete: true
Attachment #174276 - Flags: review?(tor)
Changing subject. There are several other places in the SVG DOM code where we
need to do this, and we should do them all at once.
Summary: null check in nsSVGMarkerElement::SetOrientToAuto → Add null checks to methods that take SVG objects as arguments
In some locations the spec says we should return SVG_WRONG_TYPE_ERR when the
SVG object passed into a function is of the "wrong type". The spec doesn't tell
us how to behave when that happens for the following functions, but I believe
this is a mistake, and we should return the same value. That's what I've done
in this patch. I've also added comments to unimplemented functions to remind
the future implementer to null check.

  SVGLocatable:getTransformToElement
    (in nsSVGGraphicElement.cpp and nsSVGSVGElement.cpp)
    http://w3.org/TR/SVG11/types.html#InterfaceSVGLocatable
  SVGMatrix:multiply
    http://w3.org/TR/SVG11/coords.html#InterfaceSVGMatrix
  SVGPoint:matrixTransform
    http://w3.org/TR/SVG11/coords.html#InterfaceSVGPoint
  SVGSVGElement:getIntersectionList
  SVGSVGElement:getEnclosureList
  SVGSVGElement:checkIntersection
  SVGSVGElement:checkEnclosure
  SVGSVGElement:createSVGTransformFromMatrix
    http://w3.org/TR/SVG11/struct.html#InterfaceSVGSVGElement
  SVGTransform:setMatrix
    http://w3.org/TR/SVG11/coords.html#InterfaceSVGTransform
  SVGTextContentElement:getCharNumAtPosition
    (in nsSVGTSpanElement.cpp and nsSVGTextElement.cpp)
    http://w3.org/TR/SVG11/text.html#InterfaceSVGTextContentElement
  SVGMarkerElement:setOrientToAngle
    http://w3.org/TR/SVG11/painting.html#InterfaceSVGMarkerElement
Attachment #174372 - Flags: review?(tor)
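
The check described in the comment above, as an added example that is not part of the bug thread or the attached patch: a method taking an SVG object rejects a null argument before dereferencing it and reports a wrong-type error. `Matrix`, `Multiply` and the result codes are hypothetical stand-ins for the Mozilla classes and for SVG_WRONG_TYPE_ERR; clearing the out-parameter on failure is an assumption of this sketch, not something the thread states.

```cpp
// Added illustration with stand-in types; not Mozilla's actual classes.
#include <cstdint>
#include <cstdio>

using Result = std::uint32_t;
constexpr Result kOk = 0;
constexpr Result kSvgWrongTypeErr = 1;  // stands in for SVG_WRONG_TYPE_ERR

// Hypothetical stand-in for a scriptable SVG matrix:
// | a c e |
// | b d f |
// | 0 0 1 |
struct Matrix {
  float a, b, c, d, e, f;
};

// Hypothetical stand-in for SVGMatrix::multiply as reached from script.
// `second` is nullptr when the script passed null or undefined.
Result Multiply(const Matrix& self, const Matrix* second, Matrix* result) {
  if (!result) return kSvgWrongTypeErr;
  *result = Matrix{};  // assumption: callers never see stale output on failure
  if (!second) return kSvgWrongTypeErr;  // reject before any dereference

  result->a = self.a * second->a + self.c * second->b;
  result->b = self.b * second->a + self.d * second->b;
  result->c = self.a * second->c + self.c * second->d;
  result->d = self.b * second->c + self.d * second->d;
  result->e = self.a * second->e + self.c * second->f + self.e;
  result->f = self.b * second->e + self.d * second->f + self.f;
  return kOk;
}

int main() {
  const Matrix identity{1, 0, 0, 1, 0, 0};
  const Matrix translate{1, 0, 0, 1, 5, 7};  // constructed sample input
  Matrix out{};

  // What a script call with null or undefined maps to.
  std::printf("null argument -> %u\n",
              static_cast<unsigned>(Multiply(identity, nullptr, &out)));
  std::printf("valid argument -> %u (e=%g, f=%g)\n",
              static_cast<unsigned>(Multiply(identity, &translate, &out)),
              out.e, out.f);
  return 0;
}
```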
Comment on attachment 174372 [details] [diff] [review]
patch all potential crashers

You should mail the SVG WG asking for an errata.
Attachment #174372 - Flags: review?(tor) → review+
Checked in.
http://bonsai.mozilla.org/cvsquery.cgi?who=jwatt%25jwatt.org&date=explicit&mindate=2005-02-16+10%3A39&maxdate=2005-02-16+10%3A39
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED