[cairo-bugs] [Bug 92904] Large amount of uninitialized values in svg parsing and processing

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Fri Nov 13 03:51:41 PST 2015


https://bugs.freedesktop.org/show_bug.cgi?id=92904

--- Comment #2 from gustavo.grieco at imag.fr ---
> Well, what do you want me to do with this report? The C program you link to "just" renders SVGs and the SVG files which you claim to attach aren't attached. Just saying that somewhere there is a use of undefined variable that causes malfunction in cairo doesn't really help me.

> And yes, you say that you will attach the files after the bug was marked private. Sadly I don't think I have more rights in bugzilla than you do. And, as far as I know, firefox bundles their own (ancient?) copy of cairo anyway, so having a fixed cairo version won't help firefox immediately anyway.

This bug is affecting Firefox because they use gdk-pixbuf in the open-file
dialog box to render a preview of the image that can fail if you browse a
directory with a malicious image. Also, as far as I know, they are not using an
ancient version of cairo. The version of cairo used here depends on gdk-pixbuf,
which is the last version in the Ubuntu 14.04 repositories (1.13).

> I can see why you don't want to provide the SVG files. How about a list of uninitialized variables? (With git commit id, file name, line, or something like that) Or alternatively a patch which initializes these variables? (That should turn this problem into NULL pointer dereferences which should be "less severe" and uninitialized variables should be easy to initialize to NULL / 0 / 0.0 / whatever)

I shared these test cases with the Mozilla security team and they have a
private bug, so it is better to keep them private for now. I can send them
to your private email if you want.
