[Webkit-unassigned] [Bug 82823] [WebSocket] Browser should have platform-specific limitations regarding the frame size

bugzilla-daemon at webkit.org
Sun Apr 1 20:08:40 PDT 2012

https://bugs.webkit.org/show_bug.cgi?id=82823

--- Comment #8 from Li Yin <li.yin at intel.com>  2012-04-01 20:08:39 PST ---
(In reply to comment #7)
> Some easier ways to protect against this would be:
> 
> 1. Fail gracefully when allocation fails.
> 2. Allocate memory when data is actually received, not when frame header states that it will be huge (maybe we already do that?)

Yeah, the browser used the tryFastMalloc function to allocate memory when it received a single frame whose final bit was set to 1, which indeed can protect the browser against a crash.
But when the browser received a long stream of small frames that are part of a fragmented message, it used the "append" function to add data into Vector<char> m_continuousFrameData; maybe it fails because of no memory. I think using "tryAppend" to replace the "append" function can protect the browser against a crash.
Maybe we will need a patch to do that; do you think so?

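The failure mode discussed in this thread (a peer sending an endless stream of small continuation frames, or a header that declares a huge payload) can be handled without crashing by combining a size cap with an append that reports failure instead of aborting. The following is an added example written for this page; it is not WebKit code and not the patch Li Yin proposes. It uses std::vector in place of WTF::Vector, a hand-written tryAppend stand-in, and hypothetical names (MessageAssembler, feedFrame, makeFrame, the demo functions and the 16 MiB cap), all of which are assumptions of the example.

```cpp
// Added example, not WebKit code: WebSocket fragment reassembly that fails the
// connection, not the process, when continuation data outgrows the buffer.
#include <cstddef>
#include <cstdint>
#include <new>
#include <string>
#include <vector>

enum class FrameResult { Incomplete, MessageReady, ProtocolError, TooLarge };

// Stand-in for WTF::Vector::tryAppend: returns false and leaves buf unchanged
// when the cap would be exceeded or allocation throws, instead of aborting.
static bool tryAppend(std::vector<char>& buf, const char* data, size_t len, size_t cap) {
    if (buf.size() > cap || len > cap - buf.size()) return false;  // overflow-safe cap check
    try {
        buf.insert(buf.end(), data, data + len);  // strong guarantee: no effect on bad_alloc
    } catch (const std::bad_alloc&) {
        return false;
    }
    return true;
}

struct FrameHeader { bool fin; uint8_t opcode; uint64_t payloadLength; size_t headerLength; };

// RFC 6455 header, server-to-client direction (never masked); nothing is allocated from payloadLength.
static bool parseFrameHeader(const uint8_t* d, size_t len, FrameHeader& h) {
    if (len < 2 || (d[1] & 0x80)) return false;  // too short, or masked: protocol error
    h = { (d[0] & 0x80) != 0, uint8_t(d[0] & 0x0F), uint64_t(d[1] & 0x7F), 2 };
    if (h.payloadLength >= 126) {                // 16- or 64-bit extended length follows
        size_t n = h.payloadLength == 126 ? 2 : 8;
        if (len < 2 + n) return false;
        h.payloadLength = 0;
        for (size_t i = 2; i < 2 + n; ++i) h.payloadLength = (h.payloadLength << 8) | d[i];
        if (h.payloadLength >> 63) return false;  // top bit must be clear (RFC 6455 5.2)
        h.headerLength = 2 + n;
    }
    return true;
}

class MessageAssembler {
public:
    explicit MessageAssembler(size_t maxMessageBytes) : m_maxMessageBytes(maxMessageBytes) {}
    // Feed one whole frame (header + payload). TooLarge and ProtocolError both mean
    // "fail the connection" (RFC 6455 7.1.7); the partial message is dropped.
    FrameResult feedFrame(const uint8_t* frame, size_t len) {
        FrameHeader h;
        if (!parseFrameHeader(frame, len, h)) return FrameResult::ProtocolError;
        // Reject on the declared length before any buffer grows, so a header
        // claiming gigabytes costs nothing (comment #7, point 2).
        if (h.payloadLength > m_maxMessageBytes - m_continuousFrameData.size()) {
            m_continuousFrameData.clear();
            return FrameResult::TooLarge;
        }
        if (h.payloadLength > len - h.headerLength) return FrameResult::ProtocolError;  // truncated
        const char* payload = reinterpret_cast<const char*>(frame + h.headerLength);
        if (!tryAppend(m_continuousFrameData, payload, size_t(h.payloadLength), m_maxMessageBytes)) {
            m_continuousFrameData.clear();  // allocation failed: fail gracefully (point 1)
            return FrameResult::TooLarge;
        }
        if (!h.fin) return FrameResult::Incomplete;
        m_message.swap(m_continuousFrameData);
        m_continuousFrameData.clear();
        return FrameResult::MessageReady;
    }
    const std::vector<char>& message() const { return m_message; }
private:
    size_t m_maxMessageBytes;
    std::vector<char> m_continuousFrameData;  // same role as the WebKit member of that name
    std::vector<char> m_message;
};

// Constructed sample input: an unmasked frame with a short (< 126 byte) payload.
static std::vector<uint8_t> makeFrame(bool fin, uint8_t opcode, const std::string& payload) {
    std::vector<uint8_t> f = { uint8_t((fin ? 0x80 : 0x00) | (opcode & 0x0F)), uint8_t(payload.size()) };
    f.insert(f.end(), payload.begin(), payload.end());
    return f;
}

// Two fragments, "Hel" then "lo" with FIN set, reassemble into "Hello".
std::string demoFragmentedMessage() {
    MessageAssembler a(1024);
    auto f1 = makeFrame(false, 0x1, "Hel"), f2 = makeFrame(true, 0x0, "lo");
    if (a.feedFrame(f1.data(), f1.size()) != FrameResult::Incomplete) return "";
    if (a.feedFrame(f2.data(), f2.size()) != FrameResult::MessageReady) return "";
    return std::string(a.message().begin(), a.message().end());
}

// Comment #8's stream of small frames: a text frame then 1-byte continuations, never FIN;
// returns how many bytes are accepted before the cap trips.
size_t demoSmallFrameFlood(size_t cap) {
    MessageAssembler a(cap);
    auto first = makeFrame(false, 0x1, "x"), cont = makeFrame(false, 0x0, "x");
    size_t accepted = 0;
    for (const uint8_t* f = first.data(); a.feedFrame(f, first.size()) == FrameResult::Incomplete; f = cont.data())
        ++accepted;
    return accepted;
}

// A header announcing 2^40 bytes with nothing behind it is refused outright.
FrameResult demoHugeDeclaredLength() {
    const uint8_t hdr[10] = { 0x82, 127, 0, 0, 1, 0, 0, 0, 0, 0 };  // FIN, binary, len = 1 << 40
    MessageAssembler a(16 * 1024 * 1024);
    return a.feedFrame(hdr, sizeof hdr);
}
```

Two things worth noting about the design. The explicit cap does most of the work: on systems with memory overcommit a failing malloc is rarely what you observe first (the process is more likely to be killed or to thrash), so a bad_alloc-tolerant append is a last line of defence behind a platform-specific message limit, which is what the bug title asks for. And the cap is checked against the declared length before anything is appended, so a frame header claiming gigabytes is refused without the client ever reserving space for it.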