Closed
Bug 306090
Opened 19 years ago
Closed 13 years ago
SVG security review: image->image conversions
Categories
(Core :: SVG, defect)
Core
SVG
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: jruderman, Unassigned)
References
()
Details
T Rowley mentioned that this is part of the SVG attack surface and could do with
a security review:
* image->image conversions
http://lxr.mozilla.org/mozilla/source/layout/generic/nsImageFrame.cpp
I assume that this is supposed to be nsSVGImageFrame.cpp
(http://lxr.mozilla.org/mozilla/source/layout/svg/base/src/nsSVGImageFrame.cpp)
and not layout/generic/nsImageFrame.cpp, right?
Assignee: general → vladimir
nsSVGImageFrame::ConvertFrame looks fine, though some of the array offset
wrangling could be a bit more efficient (probably irrelevant with a good
compiler). A lot of code similar to this will eventually be shared via Thebes.
Reporter | ||
Updated•19 years ago
|
Assignee: vladimir → nobody
Comment 3•15 years ago
|
||
Is this something we should keep open and pursue at this point?
Updated•15 years ago
|
QA Contact: ian → general
Comment 4•13 years ago
|
||
Feel free to reopen if this is going to actually happen.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•