Issue metadata
Sign in to add a comment
|
DoS with svg image with many defs
Reported by
8998...@gmail.com,
Sep 12 2016
|
||||||||||||||||||||||
Issue descriptionChrome Version : Google Chrome 53.0.2785.101 (Official Build) m (32-bit) URLs (if applicable) : http://imgh.us/slow_1.svg Other browsers tested: Firefox, IE Add OK or FAIL, along with the version, after other browsers where you have tested this issue: Firefox: FAIL, version 48.0.2 IE: FAIL, version 11.0.9600.18036 What steps will reproduce the problem? (1) View http://imgh.us/slow_1.svg What is the expected result? Image should be shown. What happens instead? Browser consumes all memory and system freezes. Reboot required.
,
Sep 13 2016
Thanks for taking the time to report this. This is a variant of an xmlbomb / billion laughs crash, so marking as a duplicate. I don't think we need to do anything different for this type of scenario because a script or massive image could cause similar issues. If you have any ideas for improving this without artificially capping memory/nodecounts/etc, we should look into them.
,
Sep 13 2016
What is the current proposed solution for this scenario? The proper solution would probably be to memoize the definitions in a buffer texture with limited size. Expanding the elements lazily would take forever, so the only other solution I can think of is to cap the number of expanded entities, which will probably not break too many valid use cases.
,
Sep 13 2016
A better solution depends on what you want with your billion circles. Maybe a <pattern>? |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by elawrence@chromium.org
, Sep 13 2016