[Webkit-unassigned] [Bug 18350] New: Limit parsing recursion to prevent crashes
bugzilla-daemon at webkit.org
Mon Apr 7 20:09:43 PDT 2008
http://bugs.webkit.org/show_bug.cgi?id=18350
Summary: Limit parsing recursion to prevent crashes
Product: WebKit
Version: 525.x (Safari 3.1)
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: Normal
Priority: P2
Component: HTML DOM
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: mark.larson at gmail.com
I think this is a denial-of-service nuisance attack and not an exploitable
crash.
You can create a deeply nested tree by doing something similar to:
perl -e '{print "<x>"x100000}' >foo.html
(I can provide this as an attachment, but it's 300K and easy to create on any
machine.)
If you load that page and then reload or navigate away, Safari 3.1 crashes.
This might be similar to bug 14886: Stack overflow due to deeply nested parse
tree.
Neither IE nor Firefox crashes with the same input.
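The summary asks for a limit on parsing recursion. The C++ sketch below is an added illustration, not WebKit code and not from the reporter: it builds a tree with an explicit stack and a nesting cap, so that any later recursive walk or teardown is bounded. The names `kMaxDepth`, `Node`, `parseCapped` and `maxDepth` are hypothetical, and the cap of 512 is an assumed value.

```cpp
#include <cstddef>
#include <memory>
#include <string>
#include <utility>
#include <vector>

constexpr std::size_t kMaxDepth = 512;  // assumed cap for this sketch
struct Node {
    std::string name;
    std::vector<std::unique_ptr<Node>> children;
};

// Parses bare "<name>" / "</name>" tags only. At kMaxDepth, further opens are
// attached as leaves and never become parents, so depth stays bounded.
std::unique_ptr<Node> parseCapped(const std::string& in) {
    auto root = std::make_unique<Node>();
    std::vector<Node*> open{root.get()};  // explicit stack, no recursion
    std::size_t flattened = 0;            // opens that were not pushed
    for (std::size_t i = in.find('<'); i != std::string::npos; i = in.find('<', i + 1)) {
        std::size_t end = in.find('>', i);
        if (end == std::string::npos) break;  // unterminated tag
        if (in[i + 1] == '/') {               // closing tag
            if (flattened > 0) --flattened;
            else if (open.size() > 1) open.pop_back();  // never pop the root
        } else {
            auto node = std::make_unique<Node>();
            node->name = in.substr(i + 1, end - i - 1);
            Node* raw = node.get();
            open.back()->children.push_back(std::move(node));
            if (open.size() < kMaxDepth) open.push_back(raw);
            else ++flattened;
        }
        i = end;
    }
    return root;
}

// Deepest element depth below the root, measured with an explicit work list.
std::size_t maxDepth(const Node& root) {
    std::size_t best = 0;
    std::vector<std::pair<const Node*, std::size_t>> todo{{&root, 0}};
    while (!todo.empty()) {
        auto cur = todo.back();
        todo.pop_back();
        if (cur.second > best) best = cur.second;
        for (const auto& c : cur.first->children) todo.push_back({c.get(), cur.second + 1});
    }
    return best;
}
```

With input shaped like the report's file, the resulting tree is exactly `kMaxDepth` elements deep and the surplus elements become siblings at that level.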