[Webkit-unassigned] [Bug 96467] New: Double Cookie with comma as "separator" causes QuickTime to crash

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Sep 11 22:06:16 PDT 2012


https://bugs.webkit.org/show_bug.cgi?id=96467

           Summary: Double Cookie with comma as "separator" causes
                    QuickTime to crash
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
        OS/Version: All
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: Web Inspector
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: xn--mlform-iua at xn--mlform-iua.no
                CC: timothy at apple.com, abarth at webkit.org, rik at webkit.org,
                    keishi at webkit.org, pmuellr at yahoo.com,
                    joepeck at webkit.org, pfeldman at chromium.org,
                    yurys at chromium.org, bweinstein at apple.com,
                    apavlov at chromium.org, loislo at chromium.org,
                    caseq at chromium.org, vsevik at chromium.org


SUMMARY:

   Video and audio files served with the popular open-source e-Learning system ATutor (currently at version 2.0.3) cause the QuickTime plug-in to crash in WebKit and Safari for Windows, OSX and iOS. This QuickTime plug-in crash does not, however, affect other browsers when or if they use the QuickTime plug-in. (For example, IE, Firefox and Opera are not affected.)


   HOW TO REPLICATE, WITH ATUTOR 2.0.3

1. When trying to play e.g. an MP3 file - either by clicking a link
   or by activating an <audio> element player
2. ATutor sends a cookie such as this one (I split it over 3 lines):
   Set-Cookie:
   ATutorID=17bea4674128b984e18b7d5a73f1a138; path=/foo/, 
   ATutorID=17bea4674128b984e18b7d5a73f1a138; path=/foo/
3. Note the comma on the second line. Note also the lack of 
   semicolon. 
4. Firefox interprets the above as two identical cookies, and thus it
   probably deletes the first cookie and keeps the last.
   Thus Firefox sees the above as equivalent to these two lines:
      Set-Cookie: A=B C=D;
      Set-Cookie: A=B C=D;
5. Safari, however, probably sees it as a single, very long
   cookie. We could describe it as 
      ATutorID + ATutorID = ATutorIDATutorID
    HOWEVER: This is difficult to verify because, although I can see
    the cookie(s) in my browser (iCab)’s console, I cannot find it
    in its cookie storage.

   RESULTS: 

 A) As soon as I activate the MP3 file, I am kicked out of ATutor.
 B) If the QuickTime player opened, then QuickTime crashes
 C) If the Audio player opened, then the player halts - it loads
    and loads, but nothing happens.

   THEORIES:

 * Maybe the issue is that QuickTime is unable to handle the cookie?
 * What speaks against that is that if I disable QuickTime (the iCab
   browser allows me to do that) I am still kicked out of ATutor when
   I click the MP3 link.
 * Maybe the issue is that this "double" cookie causes the old cookie
   to be invalidated or unset, without a new cookie being set - with
   the result that I get logged out.

  REFERENCES:

  There is an ATutor bug report here:
  * http://atutor.ca/atutor/mantis/view.php?id=5065#c5840
  The ATutor bug report informs how you can experience the bug here:
  * http://atutor.ca/atutor/demo/content.php?cid=5580

I suspect that this bug is related to Bug 62700

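The two readings of the header described in steps 4 and 5, as an added example that is not part of the original report and is not WebKit or ATutor code. The header value is constructed from the one quoted in the report; the function names are hypothetical, and the single-cookie reading follows the RFC 6265 section 5.2 splitting rules (RFC 6265 also says servers should not fold several Set-Cookie fields into one, because the comma is ambiguous there).

```python
import re

# Constructed from the header quoted in the report (joined onto one line).
FOLDED = ("ATutorID=17bea4674128b984e18b7d5a73f1a138; path=/foo/, "
          "ATutorID=17bea4674128b984e18b7d5a73f1a138; path=/foo/")

# A comma followed by something that looks like a new "name=" pair.
# An Expires date ("Wed, 09 Jun 2021 ...") does not match: no "token=" follows.
_FOLD = re.compile(r",\s*(?=[!#$%&'*+\-.^`|~\w]+=)")


def parse_single(value):
    """Treat the whole header value as ONE cookie (RFC 6265 sec. 5.2 style)."""
    pair, *attrs = value.split(";")
    name, _, val = pair.partition("=")
    parsed = []
    for attr in attrs:
        k, _, v = attr.partition("=")
        parsed.append((k.strip().lower(), v.strip()))
    return {"name": name.strip(), "value": val.strip(), "attrs": parsed}


def parse_comma_split(value):
    """Treat the value as a comma-folded list: one cookie per segment."""
    return [parse_single(seg) for seg in _FOLD.split(value)]


def is_comma_folded(value):
    """True when a Set-Cookie value appears to hold several folded cookies."""
    return len(_FOLD.split(value)) > 1


if __name__ == "__main__":
    one = parse_single(FOLDED)
    # The second cookie ends up inside the first Path attribute's value.
    print("single-cookie reading :", one["attrs"])
    for c in parse_comma_split(FOLDED):
        print("comma-split reading   :", c["name"], c["attrs"])
    print("folded?", is_comma_folded(FOLDED))
```

Running `is_comma_folded` over captured response headers is a quick server-side check for this condition before it reaches clients that disagree on how to read it.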