18350 – Limit parsing recursion to prevent crashes

RESOLVED DUPLICATE of bug 18282 Bug 18350

Limit parsing recursion to prevent crashes

https://bugs.webkit.org/show_bug.cgi?id=18350

Summary Limit parsing recursion to prevent crashes

Mark Larson (Google)

Reported 2008-04-07 20:09:43 PDT

I think this is a denial-of-service nuisance attack and not an exploitable crash. You can create a deeply nested tree by doing something similar to: perl -e '{print "<x>"x100000}' >foo.html (I can provide this as an attachment, but it's 300K and easy to create on any machine.) If you load that page and then reload or navigate away, Safari 3.1 crashes. This might be similar to bug 14886: Stack overflow due to deeply nested parse tree. Neither IE nor Firefox crash with the same input.

Attachments
Add attachment proposed patch, testcase, etc.

Eric Seidel (no email)

Comment 1 2008-07-03 22:48:18 PDT

*** This bug has been marked as a duplicate of 18282 ***

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution DUPLICATE

of bug 18282

Priority P2

Severity Normal

Classification Unclassified

Version 525.x (Safari 3.1)

Hardware PC

OS Windows XP

Product WebKit

Component DOM

Assignee

Nobody

Reported

2008-04-07 20:09 PDT

Modified

2008-07-03 22:48 PDT History

CC List

0 users

URL

Keywords

Depends on

Blocks