Closed Bug 306091 Opened 19 years ago Closed 17 years ago

SVG security review: Cairo library text handling

Product/Component: Core :: SVG
Type: defect
Priority: Not set
Severity: normal
Status: RESOLVED INVALID
Reporter: jruderman
Assignee: Unassigned

T Rowley mentioned that this is part of the SVG attack surface and could do with
a security review:

  * cairo library text handling?
Blocks: 306101
I don't know if tor meant this to be "Make sure SVG uses Cairo APIs safely and
correctly" or "Make sure Cairo doesn't have security holes in the way it handles
text".

I guess the things I'd worry about are:

1. Very long one-line strings (which tend to cause OS freezes/crashes,
overlapping text, or disappearing text with current GFX, see bug 302294).

2. Handling of international characters / confusion about the character-encoding
in strings, because I've heard of scary crashes involving that kind of thing before.

3. Handling of strings (e.g. from JavaScript) that contain embedded nulls.

4. Downloadable fonts, if that feature exists.

5. Spoofing in dialogs (multiple text strings that look the same or similar to
humans).

6. Correctness of any code that manipulates strings at a low level, whether for
parsing or displaying.

I wonder if that overlaps at all with what tor was thinking.
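Concerns 1 to 3 in the list above (very long one-line strings, encoding confusion with international characters, and embedded nulls arriving from JavaScript) can be turned into concrete test documents. The script below is an added example for this page, not code from the bug, from Mozilla or from Cairo; the file names, element ids and sample strings are choices made here. It generates one SVG per concern, plus a well-formedness check so you know in advance which files should reach the text path and which should be stopped by the XML parser. Note that an embedded null cannot be written into SVG source at all (XML 1.0 forbids U+0000 literally and as a character reference), so that case has to be injected by script, which is exactly the "from JavaScript" route the comment mentions.

```python
"""Generate SVG documents exercising text-handling concerns 1-3 above.
Added example; not code from this bug, Mozilla or Cairo. File names,
element ids and sample strings are assumptions made for illustration."""
import os
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

SVG_NS = "http://www.w3.org/2000/svg"


def wrap(body):
    """Minimal SVG document around BODY (already-escaped markup)."""
    return f'<svg xmlns="{SVG_NS}" width="800" height="200">\n{body}</svg>\n'


def text_elem(s, x=10, y=40):
    return f'  <text x="{x}" y="{y}">{escape(s)}</text>\n'


# 1. Very long one-line strings: N identical characters with no space or
#    newline, so nothing lets layout break the line into smaller runs.
def long_line_doc(n=200_000):
    return wrap(text_elem("A" * n))


# 2a. Well-formed Unicode that is hostile to shaping/layout: mixed scripts,
#     astral code points (surrogate pairs in UTF-16, 4 bytes in UTF-8),
#     deep combining stacks, bidi controls, zero-width characters.
UNICODE_CASES = {
    "mixed_scripts": "abc\u00e9\u05d0\u0928\u4e2d\u3042",
    "astral": "\U0001F600\U00010400" * 50,
    "combining_stack": "e" + "\u0301" * 200,
    "bidi_controls": "abc\u202Edef\u202C\u200Fghi",
    "zero_width": "a\u200Bb\u200Cc\u200Dd\uFEFFe",
}


def unicode_doc():
    body = "".join(text_elem(s, y=30 * (i + 1))
                   for i, s in enumerate(UNICODE_CASES.values()))
    return wrap(body)


# 2b. Ill-formed UTF-8. The parser should reject the whole document; if it
#     does not, these bytes reach the text path, where UTF-8 and UTF-16
#     length bookkeeping will disagree about them.
INVALID_UTF8 = [
    b"\xc0\x80",          # overlong encoding of U+0000
    b"\xe2\x82",          # truncated three-byte sequence
    b"\xed\xa0\x80",      # UTF-16 surrogate U+D800 encoded directly
    b"\xf4\x90\x80\x80",  # code point above U+10FFFF
    b"\xff\xfe",          # bytes that never occur in UTF-8
]


def invalid_utf8_doc():
    """Returns bytes, since no str can carry these byte sequences."""
    body = b"".join(b'  <text x="10" y="%d">ok%sok</text>\n' % (30 * (i + 1), bad)
                    for i, bad in enumerate(INVALID_UTF8))
    head, tail = wrap("").split("</svg>")
    return head.encode("utf-8") + body + b"</svg>" + tail.encode("utf-8")


# 3. Embedded nulls, injected by script because XML cannot express U+0000.
#    The JS string "visible\u0000hidden" is 14 UTF-16 units long; a C caller
#    that measures it with strlen() after conversion sees only 7.
def embedded_null_doc():
    script = (
        '  <script><![CDATA[\n'
        '    document.getElementById("t").textContent = "visible\\u0000hidden";\n'
        '    document.getElementById("u").appendChild(\n'
        '        document.createTextNode("\\u0000".repeat(1000)));\n'
        '  ]]></script>\n'
    )
    body = ('  <text id="t" x="10" y="40">placeholder</text>\n'
            '  <text id="u" x="10" y="80">placeholder</text>\n' + script)
    return wrap(body)


def parses_as_xml(doc):
    """True if the stdlib (expat) parser accepts DOC, a str or bytes."""
    try:
        ET.fromstring(doc)
        return True
    except ET.ParseError:
        return False


def write_corpus(outdir):
    """Write the four documents into OUTDIR and return their paths."""
    os.makedirs(outdir, exist_ok=True)
    docs = {
        "long_line.svg": long_line_doc().encode("utf-8"),
        "unicode.svg": unicode_doc().encode("utf-8"),
        "invalid_utf8.svg": invalid_utf8_doc(),
        "embedded_null.svg": embedded_null_doc().encode("utf-8"),
    }
    paths = []
    for name, data in docs.items():
        path = os.path.join(outdir, name)
        with open(path, "wb") as f:
            f.write(data)
        paths.append(path)
    return paths


if __name__ == "__main__":
    for p in write_corpus("svg-text-corpus"):
        print(p)
```

Load the generated files in the browser under test and watch for hangs, crashes and misrendering rather than relying on the parser check alone: `invalid_utf8.svg` is expected to be refused by the XML parser, so if it renders anything at all, the encoding validation is already the first finding.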

Pav mentioned that the way Cairo handles fonts has changed completely, and the
new version is about to be checked in on trunk.
Assignee: general → pavlov
Assignee: pavlov → nobody
Since we're now using cairo across the board, is this bug still relevant?
Probably not. We have had some SVG-specific bugs involving cairo text, such as bug 396321, though.
I can't see that bug (as per usual). If you think it's not worth keeping this open (nothing will happen), can you close it?
I CCed you on it, so you can see it now.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → INVALID