[Webkit-unassigned] [Bug 18350] New: Limit parsing recursion to prevent crashes

bugzilla-daemon at webkit.org
Mon Apr 7 20:09:43 PDT 2008


           Summary: Limit parsing recursion to prevent crashes
           Product: WebKit
           Version: 525.x (Safari 3.1)
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: HTML DOM
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: mark.larson at gmail.com

I think this is a denial-of-service nuisance attack and not an exploitable

You can create a deeply nested tree by doing something similar to:
   perl -e '{print "<x>"x100000}' >foo.html

(I can provide this as an attachment, but it's 300K and easy to create on any

If you load that page and then reload or navigate away, Safari 3.1 crashes.

This might be similar to bug 14886: Stack overflow due to deeply nested parse

Neither IE nor Firefox crash with the same input.
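The failure mode described in this report, as an added illustration that is not WebKit code and not the eventual fix: a toy tag parser in JavaScript, first written with one recursive call per nesting level (which exhausts the native stack on a "<x>" x 100000 input), then rewritten with an explicit stack and a nesting cap so the resulting tree is bounded no matter how deep the input nests. The cap value of 512, the function names and the dropped-tag policy are assumptions made for this example, not values or behaviour taken from WebKit.

```javascript
// Added example, not WebKit's HTML parser or any WebKit patch: a toy tag
// parser in two forms, showing why the reporter's input crashes an
// implementation that recurses once per nesting level, and how an explicit
// depth cap bounds the tree no matter how deep the input nests.
// MAX_DEPTH = 512 is an assumed, illustrative cap, not WebKit's real limit.

const MAX_DEPTH = 512;

// Constructed input with the same shape as the reporter's perl one-liner:
// makeNested('x', 100000) is "<x>" repeated 100000 times, about 300 KB.
function makeNested(tag, count) {
  return `<${tag}>`.repeat(count);
}

// Split markup into open/close tag tokens. Text between tags is ignored and
// tag names are not matched against their closes; that is enough to show
// the nesting problem.
function tokenize(html) {
  const tokens = [];
  const re = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)>/g;
  let m;
  while ((m = re.exec(html)) !== null) {
    tokens.push({ close: m[1] === '/', name: m[2] });
  }
  return tokens;
}

// Naive recursive descent: every nested open tag costs one more native
// stack frame, so the nesting depth is bounded only by the stack size.
function parseRecursive(tokens) {
  let pos = 0;
  function parseElement() {
    const node = { name: tokens[pos].name, children: [] };
    pos += 1;
    while (pos < tokens.length && !tokens[pos].close) {
      node.children.push(parseElement()); // recursion depth == nesting depth
    }
    if (pos < tokens.length && tokens[pos].close) pos += 1;
    return node;
  }
  const roots = [];
  while (pos < tokens.length) {
    if (tokens[pos].close) { pos += 1; continue; } // stray close tag
    roots.push(parseElement());
  }
  return roots;
}

// Run the naive parser and report a stack overflow instead of dying on it.
function tryParseRecursive(tokens) {
  try {
    return { ok: true, roots: parseRecursive(tokens) };
  } catch (e) {
    if (e instanceof RangeError) return { ok: false, error: 'stack overflow' };
    throw e;
  }
}

// Depth-limited parser: an explicit array replaces the call stack, and open
// tags that would exceed maxDepth are dropped (and counted) instead of
// nested. Close tags belonging to dropped opens are swallowed so the real
// tree stays consistent.
function parseWithDepthLimit(tokens, maxDepth = MAX_DEPTH) {
  const roots = [];
  const stack = [];     // currently open elements; length == current depth
  let dropped = 0;      // open tags refused at the cap
  let pendingDrops = 0; // close tags owed to dropped opens
  for (const t of tokens) {
    if (t.close) {
      if (pendingDrops > 0) pendingDrops -= 1;
      else if (stack.length > 0) stack.pop();
      continue;
    }
    if (stack.length >= maxDepth) {
      dropped += 1;
      pendingDrops += 1;
      continue;
    }
    const node = { name: t.name, children: [] };
    (stack.length > 0 ? stack[stack.length - 1].children : roots).push(node);
    stack.push(node);
  }
  return { roots, dropped };
}

// Depth of a tree, computed iteratively so that measuring a deep tree
// cannot itself overflow the stack.
function treeDepth(roots) {
  let best = 0;
  const work = roots.map((n) => [n, 1]);
  while (work.length > 0) {
    const [node, depth] = work.pop();
    if (depth > best) best = depth;
    for (const child of node.children) work.push([child, depth + 1]);
  }
  return best;
}

// Stand-alone demo on the reporter's input.
if (typeof require !== 'undefined' && require.main === module) {
  const tokens = tokenize(makeNested('x', 100000));
  const naive = tryParseRecursive(tokens);
  console.log('naive parser:', naive.ok ? `depth ${treeDepth(naive.roots)}` : naive.error);
  const capped = parseWithDepthLimit(tokens);
  console.log('capped parser: depth', treeDepth(capped.roots), 'dropped', capped.dropped);
}
```

Run with `node` on the 100000-deep input: the recursive version reports a stack overflow (Node's default stack holds on the order of ten thousand frames), while the capped version always returns a tree 512 deep and reports how many open tags it refused. The same cap would have to apply on teardown as well, since freeing a deep tree recursively fails the same way as building one.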
