This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
HTMLSourceTracker crashes when network packets break poorly
https://bugs.webkit.org/show_bug.cgi?id=66728 Reviewed by Darin Adler. Source/WebCore: If there is a network packet boundary in the middle of an attribute that begins with the letters "on", then the HTMLSourceTracker will get confused and try to extract too many characters from future input. If the future input is small enough, that will walk off the end of the input and crash. Test: http/tests/security/xssAuditor/crash-while-loading-tag-with-pause.html * html/parser/HTMLSourceTracker.cpp: (WebCore::HTMLSourceTracker::sourceForToken): LayoutTests: Test that we don't crash when we get a bad network packet boundary. * http/tests/security/xssAuditor/crash-while-loading-tag-with-pause-expected.txt: Added. * http/tests/security/xssAuditor/crash-while-loading-tag-with-pause.html: Added. * http/tests/security/xssAuditor/resources/tag-with-pause.php: Added. Canonical link: https://commits.webkit.org/82540@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@93561 268f45cc-cd09-0410-ab3c-d52691b4dbfc
- Loading branch information
Showing 6 changed files with 60 additions and 0 deletions.