Bug 60795 - REGRESSION (WebKit2): Crash due to heap corruption in old versions of VLC plugin when page has two or more plugin instances
Summary: REGRESSION (WebKit2): Crash due to heap corruption in old versions of VLC plu...
Status: RESOLVED WONTFIX
Alias: None
Product: WebKit
Classification: Unclassified
Component: Plug-ins (show other bugs)
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL: data:text/html,<embed type="applicati...
Keywords: InRadar, PlatformOnly, Regression
Depends on:
Blocks: 46399
  Show dependency treegraph
 
Reported: 2011-05-13 13:28 PDT by Adam Roben (:aroben)
Modified: 2022-06-23 19:51 PDT (History)
3 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Adam Roben (:aroben) 2011-05-13 13:28:22 PDT 
To reproduce:

1. Install VLC 0.6.8d from http://download.videolan.org/pub/videolan/vlc/0.8.6d/win32/vlc-0.8.6d-win32.exe
2. Go to data:text/html,<embed type="application/x-vlc-plugin"><embed type="application/x-vlc-plugin">
3. Reload the page until crash occurs

The crash is in free() inside VLC code. The bug happens only in WebKit2, not in WebKit1. It looks like this happens in Firefox and Chrome, too, but it's harder to detect there due to out-of-process plugins.
Comment 1 Adam Roben (:aroben) 2011-05-13 13:29:08 PDT 
WebKit1 works around this VLC bug using the PluginQuirkDontAllowMultipleInstances quirk.

Note that the crash does not occur with the most recent version of VLC, 1.1.9. I haven't tested any other versions.
Comment 2 Adam Roben (:aroben) 2011-05-13 13:29:54 PDT 
<rdar://problem/9436117>
Comment 3 Alexey Proskuryakov 2022-06-23 19:51:45 PDT 
Plug-in support has been removed from WebKit.