60795 2011-05-13 13:28:22 -0700 REGRESSION (WebKit2): Crash due to heap corruption in old versions of VLC plugin when page has two or more plugin instances 2022-06-23 19:51:45 -0700 1 1 1 Unclassified WebKit Plug-ins 528+ (Nightly build) Unspecified Unspecified RESOLVED WONTFIX data:text/html,<embed type="application/x-vlc-plugin"><embed type="application/x-vlc-plugin"> InRadar, PlatformOnly, Regression P2 Normal --- 46399 1 aroben webkit-unassigned andersca bweinstein jhoneycutt oldest_to_newest 403795 0 aroben 2011-05-13 13:28:22 -0700 To reproduce: 1. Install VLC 0.6.8d from http://download.videolan.org/pub/videolan/vlc/0.8.6d/win32/vlc-0.8.6d-win32.exe 2. Go to data:text/html,<embed type="application/x-vlc-plugin"><embed type="application/x-vlc-plugin"> 3. Reload the page until crash occurs The crash is in free() inside VLC code. The bug happens only in WebKit2, not in WebKit1. It looks like this happens in Firefox and Chrome, too, but it's harder to detect there due to out-of-process plugins. 403798 1 aroben 2011-05-13 13:29:08 -0700 WebKit1 works around this VLC bug using the PluginQuirkDontAllowMultipleInstances quirk. Note that the crash does not occur with the most recent version of VLC, 1.1.9. I haven't tested any other versions. 403802 2 aroben 2011-05-13 13:29:54 -0700 <rdar://problem/9436117> 1878094 3 ap 2022-06-23 19:51:45 -0700 Plug-in support has been removed from WebKit.