[Webkit-unassigned] [Bug 174267] New: Selecting and right-clicking URL-like strings with IDNA-disallowed characters in host or authority causes rendering engine crash
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Jul 7 12:40:45 PDT 2017
https://bugs.webkit.org/show_bug.cgi?id=174267
Bug ID: 174267
Summary: Selecting and right-clicking URL-like strings with
IDNA-disallowed characters in host or authority causes
rendering engine crash
Product: WebKit
Version: WebKit Nightly Build
Hardware: Macintosh
OS: macOS 10.12
Status: NEW
Severity: Normal
Priority: P2
Component: New Bugs
Assignee: webkit-unassigned at lists.webkit.org
Reporter: jesse at jesseshapiro.net
Created attachment 314862
--> https://bugs.webkit.org/attachment.cgi?id=314862&action=review
Reproduction cases
Reproduced in MacOS 10.12.5 with Safari 10.1.1 (12603.2.4) as well as WebKit Nightly 10.1.1 (12603.2.4, r219255).
A friend attempted to reproduce the failure case with OS X 10.10.4 and Safari 8.0.7 (10600.7.12), and did not observe the problematic behavior.
Expected behavior:
Selecting any given amount of arbitrary text and right-clicking it does not crash the webpage process.
Actual behavior:
When selecting and then right-clicking text of the following format, the webpage process crashes:
1. The text has the appearance of a URL (scheme://host at a minimum). The scheme need not be an actual recognized scheme.
2. The host and/or authority component of the supposed URL contain one of a range of characters. All known reproduction cases involve characters that are IDNA disallowed. For example, Ⴀ or …. Any of these characters in the scheme, port, or path of the URL do not cause a crash.
This is easiest to reproduce when the text in question the user-visible text of an <a> tag, since right-clicking a link selects the text. Thus, an HTML file with minimal reproduction cases is included. However, it can be reproduced by simply selecting plain text, and then right-clicking. Demonstration:
http://Ⴀ
Crash log to be attached after submission. Looking at it, it appears as though upon right-clicking any selected text, a check is made to determine if it's a navigable URL, and the error occurs in this process.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20170707/0c7d7f50/attachment.html>
More information about the webkit-unassigned
mailing list