Bug 32203

Summary: Bad length parsing in WebSocket
Product: WebKit Reporter: Fumitoshi Ukai <ukai>
Component: WebKit Misc.Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: ap, webkit.review.bot
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Attachments:
Description Flags
Fix bad legnth parsing in WebSocket.
none
Fix wrong length parsing in WebSocket. darin: review+

Fumitoshi Ukai
Reported 2009-12-06 17:12:38 PST
WebSocket spec says "Frames denoted by bytes that have the high bit set (0x80 to 0xFF) have a leading length indicator, which is encoded as a series of 7-bit bytes stored in octets with the 8th bit being set for all but the last byte", but current implementation doesn't count the last byte with 8th bit off.
Attachments
Fix bad legnth parsing in WebSocket. (3.28 KB, patch)
2009-12-06 17:29 PST, Fumitoshi Ukai 		no flags
DetailsFormatted DiffDiff
Fix wrong length parsing in WebSocket. (3.65 KB, patch)
2009-12-06 23:21 PST, Fumitoshi Ukai 		darin: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Fumitoshi Ukai
Comment 1 2009-12-06 17:29:05 PST
Created attachment 44370 [details] Fix bad legnth parsing in WebSocket.
WebKit Review Bot
Comment 2 2009-12-06 17:31:36 PST
style-queue ran check-webkit-style on attachment 44370 [details] without any errors.
Alexey Proskuryakov
Comment 3 2009-12-06 22:59:23 PST
+ int c = *p; Can "c" have a descriptive name? - msg += "\x80\x81\x81" + msg += "\x80\x81\x01" # skip 1*128+1 bytes. ChangeLog should explain why changing an existing test is OK. It is not obvious why/if the bug it was originally created for is still tested.
Fumitoshi Ukai
Comment 4 2009-12-06 23:21:04 PST
Created attachment 44388 [details] Fix wrong length parsing in WebSocket.
WebKit Review Bot
Comment 5 2009-12-06 23:22:18 PST
style-queue ran check-webkit-style on attachment 44388 [details] without any errors.
Fumitoshi Ukai
Comment 6 2009-12-07 20:05:58 PST
Committed r51829: <http://trac.webkit.org/changeset/51829>
Note You need to log in before you can comment on or make changes to this bug.