Bug 32203

Summary: Bad length parsing in WebSocket
Product: WebKit Reporter: Fumitoshi Ukai <ukai>
Component: WebKit Misc.Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: ap, webkit.review.bot
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Attachments:
Description Flags
Fix bad legnth parsing in WebSocket.
none
Fix wrong length parsing in WebSocket. darin: review+

Description Fumitoshi Ukai 2009-12-06 17:12:38 PST 
WebSocket spec says "Frames denoted by bytes that have the high bit set (0x80 to 0xFF) have a leading length indicator, which is encoded as a series of 7-bit bytes stored in octets with the 8th bit being set for all but the last byte", but current implementation doesn't count the last byte with 8th bit off.
Comment 1 Fumitoshi Ukai 2009-12-06 17:29:05 PST 
Created attachment 44370 [details]
Fix bad legnth parsing in WebSocket.
Comment 2 WebKit Review Bot 2009-12-06 17:31:36 PST 
style-queue ran check-webkit-style on attachment 44370 [details] without any errors.
Comment 3 Alexey Proskuryakov 2009-12-06 22:59:23 PST 
+                int c = *p;

Can "c" have a descriptive name?

-  msg += "\x80\x81\x81"
+  msg += "\x80\x81\x01"  # skip 1*128+1 bytes.

ChangeLog should explain why changing an existing test is OK. It is not obvious why/if the bug it was originally created for is still tested.
Comment 4 Fumitoshi Ukai 2009-12-06 23:21:04 PST 
Created attachment 44388 [details]
Fix wrong length parsing in WebSocket.
Comment 5 WebKit Review Bot 2009-12-06 23:22:18 PST 
style-queue ran check-webkit-style on attachment 44388 [details] without any errors.
Comment 6 Fumitoshi Ukai 2009-12-07 20:05:58 PST 
Committed r51829: <http://trac.webkit.org/changeset/51829>