[Webkit-unassigned] [Bug 17814] New: Reading past end of string, for certain malformed <?xml ..?> tags
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Mar 12 16:32:15 PDT 2008
http://bugs.webkit.org/show_bug.cgi?id=17814
Summary: Reading past end of string, for certain malformed <?xml
..?> tags
Product: WebKit
Version: 525+ (Nightly build)
Platform: PC
OS/Version: Mac OS X 10.5
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: Page Loading
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: minatoar at gmail.com
This applies to the "Safari-3-1-branch".
when parsing malformed <?xml ...?> tags, strict bounds checking is not
enforced, so can read past the end of string.
For example "http://www.exitfest.org" does not have a terminal question-mark:
<?xml version="1.0" encoding="iso-8859-2">
And has caused a crash for me.
This problem looks to have been fixed in:
trunk/WebCore/loader/TextResourceDecoder.cpp @ r30535
Perhaps this is worth back-porting to the 3.1 branch.
--
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list