Closed Bug 306090 Opened 19 years ago Closed 13 years ago

SVG security review: image->image conversions

Categories

(Core :: SVG, defect)

defect
Not set
normal

Tracking

()

RESOLVED WONTFIX

People

(Reporter: jruderman, Unassigned)

References

()

Details

T Rowley mentioned that this is part of the SVG attack surface and could do with a security review: * image->image conversions http://lxr.mozilla.org/mozilla/source/layout/generic/nsImageFrame.cpp
Blocks: 306101
I assume that this is supposed to be nsSVGImageFrame.cpp (http://lxr.mozilla.org/mozilla/source/layout/svg/base/src/nsSVGImageFrame.cpp) and not layout/generic/nsImageFrame.cpp, right?
Assignee: general → vladimir
nsSVGImageFrame::ConvertFrame looks fine, though some of the array offset wrangling could be a bit more efficient (probably irrelevant with a good compiler). A lot of code similar to this will eventually be shared via Thebes.
Is this something we should keep open and pursue at this point?
QA Contact: ian → general
Feel free to reopen if this is going to actually happen.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.