[librsvg/librsvg-2.44] (#496): Ensure all lengths and angles parse as finite numbers
- From: Federico Mena Quintero <federico src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [librsvg/librsvg-2.44] (#496): Ensure all lengths and angles parse as finite numbers
- Date: Sat, 17 Aug 2019 20:29:36 +0000 (UTC)
commit aa3902b49ad3519baca0f70e3389d457ab1668c7
Author: Federico Mena Quintero <federico gnome org>
Date: Sat Aug 17 13:54:56 2019 -0500
(#496): Ensure all lengths and angles parse as finite numbers
The example crasher, found via fuzzing, yields an <svg width="BIGNUM">
which rust-cssparser puts as an Infinity in an f32 value. This ends
up being in a non-invertible Cairo matrix, which panics.
We need to catch all such cases early, so we run all parsed numbers
through finite_f32() right as they come out of rust-cssparser.
Thanks to Bastien Orivel for the fuzz-testing runs!
Fixes https://gitlab.gnome.org/GNOME/librsvg/issues/496
rsvg_internals/src/length.rs | 9 ++++-----
rsvg_internals/src/parsers.rs | 4 ++--
2 files changed, 6 insertions(+), 7 deletions(-)
---
diff --git a/rsvg_internals/src/length.rs b/rsvg_internals/src/length.rs
index d9caaf2d..cdbedc2d 100644
--- a/rsvg_internals/src/length.rs
+++ b/rsvg_internals/src/length.rs
@@ -3,8 +3,7 @@ use std::f64::consts::*;
use drawing_ctx::ViewParams;
use error::*;
-use parsers::Parse;
-use parsers::ParseError;
+use parsers::{Parse, ParseError, finite_f32};
use state::ComputedValues;
#[derive(Debug, PartialEq, Copy, Clone)]
@@ -150,13 +149,13 @@ impl Length {
match *token {
Token::Number { value, .. } => Length {
- length: f64::from(value),
+ length: f64::from(finite_f32(value)?),
unit: LengthUnit::Default,
dir,
},
Token::Percentage { unit_value, .. } => Length {
- length: f64::from(unit_value),
+ length: f64::from(finite_f32(unit_value)?),
unit: LengthUnit::Percent,
dir,
},
@@ -164,7 +163,7 @@ impl Length {
Token::Dimension {
value, ref unit, ..
} => {
- let value = f64::from(value);
+ let value = f64::from(finite_f32(value)?);
match unit.as_ref() {
"em" => Length {
diff --git a/rsvg_internals/src/parsers.rs b/rsvg_internals/src/parsers.rs
index 5eae2591..752335f8 100644
--- a/rsvg_internals/src/parsers.rs
+++ b/rsvg_internals/src/parsers.rs
@@ -130,12 +130,12 @@ pub fn angle_degrees(parser: &mut Parser<'_, '_>) -> Result<f64, ParseError> {
.map_err(|_| ParseError::new("expected angle"))?;
match *token {
- Token::Number { value, .. } => f64::from(value),
+ Token::Number { value, .. } => f64::from(finite_f32(value).map_err(|_| ParseError::new("expected
finite value"))?),
Token::Dimension {
value, ref unit, ..
} => {
- let value = f64::from(value);
+ let value = f64::from(finite_f32(value).map_err(|_| ParseError::new("expected finite
value"))?);
match unit.as_ref() {
"deg" => value,
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]