[Webkit-unassigned] [Bug 38935] New: [Qt][Symbian] data URIs cause crash at QFile layer

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue May 11 14:38:21 PDT 2010 

https://bugs.webkit.org/show_bug.cgi?id=38935

           Summary: [Qt][Symbian] data URIs cause crash at QFile layer
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: S60 Hardware
        OS/Version: S60 3rd edition
            Status: NEW
          Keywords: Qt
          Severity: Major
          Priority: P2
         Component: WebKit Qt
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: siddharth.mathur at nokia.com
                CC: laszlo.1.gombos at nokia.com


Created an attachment (id=55759)
 --> (https://bugs.webkit.org/attachment.cgi?id=55759)
repro case

[reporting on behalf of Jyri-Petteri Huttunen and Tom Hechang as reported on s60qt mailing list. The fix might be cross-platform, if QtWebkit can be changed to avoid involving QFile at all in case of data URIs]


Use case: 
---------
We currently have an issue related to showing image in base64 format in Qwebkit. We create a simple qt application which has a qwebview and load a pic.html. The application run normally on windows, and will show a red cross on screen.

While we build the application on symbian^3/4, it will crash when start the app. We are wondering if this is a bug for qt webkit. The pic.html is attached. 


Prelim analysis by Shane Kearns: 
-------------------------------

The findBackend() function calls each backend factory in an iterator.
The first one to successfully process the request is used.

The file backend calls QFileInfo("data:.......").exists() which crashes inside open C.
open C needs to check the length of filenames passed to stat(), fopen() etc to prevent a buffer overrun panic when it is asked for a filename that is longer than the OS can support.

Once open C is fixed, then the exists() function would return false; and the data backend would be tried (and presumably succeed).

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list