[Webkit-unassigned] [Bug 82823] [WebSocket]Browser should have platform-specific limitations regarding the frame size

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun Apr 1 12:37:55 PDT 2012


--- Comment #7 from Alexey Proskuryakov <ap at webkit.org>  2012-04-01 12:37:55 PST ---
Some easier ways to protect against this would be:

1. Fail gracefully when allocation fails.
2. Allocate memory when data is actually received, not when frame header states that it will be huge (maybe we already do that?)

What's complicated about the approach suggested here is that there is no guidance about how to choose the limit on each platform. And the limit should really be the same across platforms for compatibility.

It's normal that huge content will cause out of memory situations in the engine. We have no protections against crashing when receiving a multi-gigabyte HTML file, for example. The kind of issues we generally protect against is when a single value somewhere can cause out of memory situations, making for an easy denial of service attack.

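The two mitigations listed in comment #7, as an added example that is not WebKit's code or part of the original message: the frame header's length field is only recorded, the buffer grows as payload bytes arrive, and a failed allocation fails the frame instead of the process. FrameReceiver, parseHeader, appendPayload and the 4096-byte starting size are hypothetical; it assumes a single unmasked frame in the RFC 6455 layout.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <cstring>

// Hypothetical receiver state for one unmasked WebSocket frame (names are assumptions).
struct FrameReceiver {
    uint64_t declared = 0;    // payload length claimed by the frame header
    uint8_t* data = nullptr;  // grows only as payload bytes actually arrive
    size_t received = 0, capacity = 0;
    bool failed = false;
    // Injectable allocator, so the failure path can be exercised.
    void* (*grow)(void*, size_t) = [](void* p, size_t n) { return std::realloc(p, n); };
    ~FrameReceiver() { std::free(data); }
};

// Reads the RFC 6455 length field; returns header size, or 0 if more bytes are needed.
size_t parseHeader(FrameReceiver& r, const uint8_t* p, size_t n) {
    if (n < 2) return 0;
    uint8_t len7 = p[1] & 0x7F;
    size_t ext = len7 == 126 ? 2 : len7 == 127 ? 8 : 0;
    if (n < 2 + ext) return 0;
    r.declared = ext ? 0 : len7;  // nothing is allocated here, whatever the length says
    for (size_t i = 0; i < ext; ++i) r.declared = (r.declared << 8) | p[2 + i];
    return 2 + ext;
}

// Appends bytes read from the socket; false means the caller should close the connection.
bool appendPayload(FrameReceiver& r, const uint8_t* p, size_t n) {
    if (r.failed || n > r.declared - r.received) { r.failed = true; return false; }
    if (n > r.capacity - r.received) {
        size_t want = r.capacity ? 2 * r.capacity : 4096;
        if (want < r.received + n) want = r.received + n;
        void* q = r.grow(r.data, want);
        if (!q) { r.failed = true; return false; }  // old buffer is freed by the destructor
        r.data = static_cast<uint8_t*>(q);
        r.capacity = want;
    }
    if (n) std::memcpy(r.data + r.received, p, n);
    r.received += n;
    return true;
}

int main() {
    // Constructed header: FIN + binary opcode, 64-bit length field declaring 2^62 bytes.
    const uint8_t hdr[10] = {0x82, 0x7F, 0x40, 0, 0, 0, 0, 0, 0, 0};
    const uint8_t chunk[100] = {};
    FrameReceiver r;
    if (parseHeader(r, hdr, sizeof hdr)) appendPayload(r, chunk, sizeof chunk);
    std::printf("declared=%llu capacity=%zu\n", (unsigned long long)r.declared, r.capacity);
}
```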