NetSurf 1.2 security flaws (was: Hi)

John-Mark Bell jmb at
Fri Jan 16 01:27:18 GMT 2009

On Fri, 16 Jan 2009, John-Mark Bell wrote:

> It would appear that the following solves the issue:
>  $ cd branches/1
>  $ svnmerge merge --revision 5100 netsurf
> (then resolve the conflicts). This also hauls in r4001 and r4049.

I should probably point out that while those changes prevent the DoS,
they don't provide a total fix. To do that requires that we audit the
layout code (and I guess anything related to it) to ensure that it
handles under/overflow in calculation results.

This strikes me as something that would benefit from multiple pairs of 
eyes. Perhaps it would be sensible to arrange a time to conduct such an

