[Webkit-unassigned] [Bug 60795] New: REGRESSION (WebKit2): Crash due to heap corruption in old versions of VLC plugin when page has two or more plugin instances

[bugzilla-daemon at webkit.org]

https://bugs.webkit.org/show_bug.cgi?id=60795

           Summary: REGRESSION (WebKit2): Crash due to heap corruption in
                    old versions of VLC plugin when page has two or more
                    plugin instances
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
               URL: data:text/html,<embed
                    type="application/x-vlc-plugin"><embed
                    type="application/x-vlc-plugin">
        OS/Version: Unspecified
            Status: NEW
          Keywords: NeedsRadar, PlatformOnly, Regression
          Severity: Normal
          Priority: P2
         Component: Plug-ins
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: aroben at apple.com
                CC: andersca at apple.com, jhoneycutt at apple.com,
                    bweinstein at apple.com


To reproduce:

1. Install VLC 0.6.8d from http://download.videolan.org/pub/videolan/vlc/0.8.6d/win32/vlc-0.8.6d-win32.exe
2. Go to data:text/html,<embed type="application/x-vlc-plugin"><embed type="application/x-vlc-plugin">
3. Reload the page until crash occurs

The crash is in free() inside VLC code. The bug happens only in WebKit2, not in WebKit1. It looks like this happens in Firefox and Chrome, too, but it's harder to detect there due to out-of-process plugins.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.