Bug 18350 - Limit parsing recursion to prevent crashes
Summary: Limit parsing recursion to prevent crashes
Status: RESOLVED DUPLICATE of bug 18282
Alias: None
Product: WebKit
Classification: Unclassified
Component: DOM
Version: 525.x (Safari 3.1)
Hardware: PC Windows XP
: P2 Normal
Assignee: Nobody
Reported: 2008-04-07 20:09 PDT by Mark Larson (Google)
Modified: 2008-07-03 22:48 PDT

Description Mark Larson (Google) 2008-04-07 20:09:43 PDT
I think this is a denial-of-service nuisance attack and not an exploitable crash.

You can create a deeply nested tree by doing something similar to:
   perl -e '{print "<x>"x100000}' >foo.html

(I can provide this as an attachment, but it's 300K and easy to create on any machine.)

If you load that page and then reload or navigate away, Safari 3.1 crashes.

This might be similar to bug 14886: Stack overflow due to deeply nested parse tree.

Neither IE nor Firefox crashes with the same input.
Comment 1 Eric Seidel (no email) 2008-07-03 22:48:18 PDT

*** This bug has been marked as a duplicate of 18282 ***
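
An added example, not part of the bug report and not WebKit's code: one way a tree builder can cap nesting so that any later recursive walk or teardown of the tree is bounded by a fixed depth. The Node and Stats types, buildTree, measure and the cap kMaxDepth = 512 are assumptions made for illustration; elements past the cap are attached as siblings at the deepest allowed level.

```cpp
#include <cstdio>
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Hypothetical cap chosen for this example, not a value from the bug report.
constexpr std::size_t kMaxDepth = 512;
struct Node { std::string tag; std::vector<std::unique_ptr<Node>> children; };
struct Stats { std::size_t depth, nodes; };

// Builds a tree from open tags only ("<x><x>..."), the shape of the reported input.
// The open-element stack is explicit, so parsing never recurses. Once it holds
// maxDepth entries, new elements are created but not pushed: they become siblings.
std::unique_ptr<Node> buildTree(const std::string& html, std::size_t maxDepth = kMaxDepth) {
    std::unique_ptr<Node> root(new Node{"#document", {}});
    std::vector<Node*> open{root.get()};
    std::size_t pos = 0, end = 0;
    while ((pos = html.find('<', pos)) != std::string::npos &&
           (end = html.find('>', pos)) != std::string::npos) {
        std::unique_ptr<Node> node(new Node{html.substr(pos + 1, end - pos - 1), {}});
        Node* raw = node.get();
        open.back()->children.push_back(std::move(node));
        if (open.size() < maxDepth) open.push_back(raw);
        pos = end + 1;
    }
    return root;  // recursive walks and teardown are now at most maxDepth deep
}

// Level-by-level walk (no recursion) reporting the deepest level and node count.
Stats measure(const Node& root) {
    Stats s{0, 0};
    std::vector<const Node*> level{&root};
    while (!level.empty()) {
        s.nodes += level.size();
        std::vector<const Node*> next;
        for (const Node* n : level)
            for (const auto& c : n->children) next.push_back(c.get());
        level.swap(next);
        if (!level.empty()) ++s.depth;
    }
    return s;
}

int main() {  // constructed input: 100000 unclosed <x> tags
    std::string html;
    for (int i = 0; i < 100000; ++i) html += "<x>";
    Stats s = measure(*buildTree(html));
    std::printf("depth=%zu nodes=%zu\n", s.depth, s.nodes);
}
```

No element is dropped: the input still yields 100000 element nodes, but the tree is 512 levels deep instead of 100000.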