Google Git
Sign in
webkit / WebKit / 5bec6fe272396b07db853f0672fe4b0348e465f7
commit5bec6fe272396b07db853f0672fe4b0348e465f7[log] [tgz]
authorsaid@apple.com <said@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Fri Apr 08 20:07:51 2016 +0000
committersaid@apple.com <said@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Fri Apr 08 20:07:51 2016 +0000
tree322164382ef832a1c41af45267857362f9e0ccf0
parent371eaff54d7342c4ca333f22e251b4e8e4b3ed5d [diff]
Timing attack on SVG feComposite filter circumvents same-origin policy
https://bugs.webkit.org/show_bug.cgi?id=154338

Patch by Said Abou-Hallawa <sabouhallawa@apple,com> on 2016-04-08
Reviewed by Oliver Hunt.

Ensure the FEComposite arithmetic filter is clamping the resulted color
components in a constant time.

* platform/graphics/filters/FEComposite.cpp:
(WebCore::clampByte):
(WebCore::computeArithmeticPixels):


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@199243 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2 files changed
tree: 322164382ef832a1c41af45267857362f9e0ccf0
  1. Examples/
  2. LayoutTests/
  3. ManualTests/
  4. PerformanceTests/
  5. Source/
  6. Tools/
  7. WebKit.xcworkspace/
  8. WebKitLibraries/
  9. Websites/
  10. .dir-locals.el
  11. .gitattributes
  12. .gitignore
  13. ChangeLog
  14. ChangeLog-2012-05-22
  15. CMakeLists.txt
  16. Makefile
  17. Makefile.shared