[Webkit-unassigned] [Bug 207424] Crash in WebCore::ParsedContentType::parseContentType when parsing invalid MIME type
bugzilla-daemon at webkit.org
Fri Feb 7 22:19:02 PST 2020
https://bugs.webkit.org/show_bug.cgi?id=207424
Rob Buis <rbuis at igalia.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |rbuis at igalia.com
--- Comment #3 from Rob Buis <rbuis at igalia.com> ---
Comment on attachment 390160
--> https://bugs.webkit.org/attachment.cgi?id=390160
Patch v1
View in context: https://bugs.webkit.org/attachment.cgi?id=390160&action=review
I think https://mimesniff.spec.whatwg.org/#parsing-a-mime-type specifies different behavior. Also I think implementing Darin's suggestion in this bug/patch is fine.
> Source/WebCore/platform/network/ParsedContentType.cpp:283
> if (m_contentType[index++] == ';')
We probably want to implement https://mimesniff.spec.whatwg.org/#parsing-a-mime-type step 11.6 at this point. So at this point it should be safe to break in case of index >= contentTypeLength.
> Source/WebCore/platform/network/ParsedContentType.cpp:288
> + return false;
See above, this is not what MIMESniff spec wants.
> Source/WebCore/platform/network/ParsedContentType.cpp:290
> String parameterName = keyRange->toString();
This should take into account that keyRange can be null (for MIMESniff mode), since parameterName being empty is fine for that spec. I.e. I expect this to be valid: text/plain;=wrong;text=value
--
You are receiving this mail because:
You are the assignee for the bug.
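
The parameter loop from https://mimesniff.spec.whatwg.org/#parsing-a-mime-type that the comment above refers to, written out as an added example (not part of the original message and not WebKit's code). The names `parseMimeParameters`, `collect` and `isToken` are hypothetical; the example assumes unquoted parameter values and leaves out type/subtype validation.

```cpp
#include <cctype>
#include <cstddef>
#include <map>
#include <string>

static bool isHTTPSpace(char c) { return c == ' ' || c == '\t' || c == '\n' || c == '\r'; }

// True if s is a non-empty run of HTTP token code points.
static bool isToken(const std::string& s) {
    static const std::string punct = "!#$%&'*+-.^_`|~";
    for (unsigned char c : s)
        if (!std::isalnum(c) && punct.find(static_cast<char>(c)) == std::string::npos)
            return false;
    return !s.empty();
}

// Collects characters up to (not including) the first one found in `stops`.
// Every read is guarded by pos < in.size(), so pos never passes the end.
static std::string collect(const std::string& in, std::size_t& pos, const std::string& stops) {
    std::size_t start = pos;
    while (pos < in.size() && stops.find(in[pos]) == std::string::npos)
        ++pos;
    return in.substr(start, pos - start);
}

// Parameter loop only (assumption: unquoted values, type/subtype already accepted).
std::map<std::string, std::string> parseMimeParameters(const std::string& in) {
    std::map<std::string, std::string> params;
    std::size_t pos = in.find(';');
    if (pos == std::string::npos) return params;
    while (pos < in.size()) {
        ++pos;                                            // skip ';'
        while (pos < in.size() && isHTTPSpace(in[pos])) ++pos;
        std::string name = collect(in, pos, ";=");
        for (char& c : name) c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
        if (pos < in.size()) {
            if (in[pos] == ';') continue;                 // name without '=': skip it
            ++pos;                                        // skip '='
        }
        if (pos >= in.size()) break;                      // step 11.6: input exhausted, stop
        std::string value = collect(in, pos, ";");
        while (!value.empty() && isHTTPSpace(value.back())) value.pop_back();
        if (value.empty()) continue;
        // An empty or non-token name is not a parse failure; the parameter is dropped.
        if (isToken(name) && !params.count(name)) params[name] = value;
    }
    return params;
}
```

With the input `text/plain;=wrong;text=value` the empty-named parameter is dropped and `text=value` is kept, and inputs that end right after `;`, a name, or `=` terminate at the bounds check instead of indexing past the end.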