Bug 20395
| Field | Value | Field | Value |
|---|---|---|---|
| Summary | malformed http response headers continuation causes NULL dereference | | |
| Product | WebKit | Reporter | Tavis Ormandy <taviso> |
| Component | WebCore Misc. | Assignee | Nobody <webkit-unassigned> |
| Status | RESOLVED INVALID | | |
| Severity | Normal | CC | ap, mrowe |
| Priority | P2 | Keywords | InRadar |
| Version | 525.x (Safari 3.1) | | |
| Hardware | Mac (Intel) | | |
| OS | OS X 10.5 | | |
Tavis Ormandy
printf "HTTP/1.1 200\nX:X\rX\n X\n"
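A defensive parser for the response-header shape in the repro, added here as an example (not code from the report, from WebKit or from CFNetwork): it keeps a bare CR inside a field line as data and refuses it as a control character, and refuses a folded continuation line that has no preceding field to append to, so the malformed input yields an error rather than a dereference of something that does not exist. The function names and the sample byte strings are my own constructions; REPORT_REPRO is the byte string the printf above emits.

```python
import re

class HeaderError(ValueError):
    """Raised for any response-header block a strict parser should refuse."""

TOKEN = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")  # RFC 7230 field-name chars

def parse_response_headers(raw: bytes):
    """Return (status_line, [(name, value), ...]) or raise HeaderError.
    Accepts CRLF or bare LF line endings; a CR not followed by LF stays in the
    line and is refused as a control character, never treated as a terminator.
    A line starting with SP/HTAB is an obs-fold continuation of the previous
    field value and is refused when there is no previous field."""
    lines = raw.split(b"\n")
    if lines[-1] != b"":
        raise HeaderError("header block does not end with a line terminator")
    lines = [l[:-1] if l.endswith(b"\r") else l for l in lines[:-1]]
    if not lines or not lines[0].startswith(b"HTTP/"):
        raise HeaderError("missing HTTP status line")
    status, fields = lines[0], []
    for line in lines[1:]:
        if line == b"":
            break                                    # blank line ends the headers
        if line[:1] in (b" ", b"\t"):
            if not fields:                           # nothing to append to: refuse
                raise HeaderError("continuation line before any header field")
            name, value = fields[-1]
            fields[-1] = (name, value + b" " + line.strip())  # obs-fold -> one SP
            continue
        if any(c < 0x20 and c != 0x09 for c in line) or 0x7F in line:
            raise HeaderError("control character in header line %r" % line)
        name, sep, value = line.partition(b":")
        if not sep or not TOKEN.fullmatch(name):
            raise HeaderError("malformed field line %r" % line)
        fields.append((name, value.strip()))
    return status, fields

def parse_or_error(raw: bytes):
    """Demo wrapper: ('ok', status, fields) on success, ('error', message) otherwise."""
    try:
        return ("ok",) + parse_response_headers(raw)
    except HeaderError as exc:
        return ("error", str(exc))

# Constructed samples. REPORT_REPRO is the byte string the report's printf emits.
REPORT_REPRO = b"HTTP/1.1 200\nX:X\rX\n X\n"                           # CR inside a field line
FOLDED_OK = b"HTTP/1.1 200 OK\r\nX-Long: first\r\n\tsecond\r\n\r\n"    # legitimate obs-fold
ORPHAN_FOLD = b"HTTP/1.1 200\n X\n"                                    # fold with no field
```

Calling parse_or_error on each sample shows the repro and the orphan fold rejected with a message, while the legitimate fold is joined into a single field value.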
Mark Rowe (bdash)
Can you provide a crash log with bug reports about crashes please? See <http://webkit.org/quality/crashlogs.html> for info. It makes screening these bug reports much easier as we don't have to set up a test environment to reproduce the crash before determining where the issue is.
Alexey Proskuryakov
Thread 4 Crashed:
0 com.apple.CoreFoundation 0x90d64512 CFStringCreateMutableCopy + 34
1 com.apple.CFNetwork 0x96919592 CFHTTPMessageAppendBytes + 1410
2 com.apple.CFNetwork 0x969188ef readHeaderBytes + 528
3 com.apple.CFNetwork 0x969185ce httpRdFilterCanReadNoSignal + 105
4 com.apple.CFNetwork 0x96918e0b httpRdFilterCanRead + 47
5 com.apple.CoreFoundation 0x90d54f43 CFReadStreamHasBytesAvailable + 291
6 com.apple.CFNetwork 0x96918363 prepareReception + 151
7 com.apple.CFNetwork 0x96912f51 httpConnectionStateChanged + 2221
8 com.apple.CFNetwork 0x96918235 scheduleNewResponse + 141
9 com.apple.CFNetwork 0x9691319e scheduleNewRequest + 190
10 com.apple.CFNetwork 0x969180af _CFNetConnectionRequestIsComplete + 160
11 com.apple.CFNetwork 0x9691734c httpConnectionRequestStreamCB + 114
12 com.apple.CFNetwork 0x96917279 connectionRequestCallBack + 79
13 com.apple.CoreFoundation 0x90d525e9 _CFStreamSignalEventSynch + 137
14 com.apple.CoreFoundation 0x90d54187 CFWriteStreamSignalEvent + 39
15 com.apple.CFNetwork 0x96917588 httpWrFilterStreamCallBack + 394
16 com.apple.CoreFoundation 0x90d525e9 _CFStreamSignalEventSynch + 137
17 com.apple.CoreFoundation 0x90d54187 CFWriteStreamSignalEvent + 39
18 com.apple.CFNetwork 0x96905190 _SocketCallBack + 2153
19 com.apple.CoreFoundation 0x90d497b1 __CFSocketDoCallback + 273
20 com.apple.CoreFoundation 0x90d4af55 __CFSocketPerformV0 + 133
21 com.apple.CoreFoundation 0x90d40615 CFRunLoopRunSpecific + 3141
22 com.apple.CoreFoundation 0x90d40cf8 CFRunLoopRunInMode + 88
23 com.apple.Foundation 0x90331460 +[NSURLConnection(NSURLConnectionReallyInternal) _resourceLoadLoop:] + 320
24 com.apple.Foundation 0x902cdf1d -[NSThread main] + 45
25 com.apple.Foundation 0x902cdac4 __NSThread__main__ + 308
26 libSystem.B.dylib 0x957406f5 _pthread_start + 321
27 libSystem.B.dylib 0x957405b2 thread_start + 34
Alexey Proskuryakov
<rdar://problem/6155579>
Alexey Proskuryakov
Marking as INVALID as a non-WebKit bug. This will be investigated internally by Apple engineers working on CFNetwork, thank you for filing this bug!