RESOLVED INVALID
Bug 96467
Double Cookie with comma as "separator" causes QuickTime to crash
https://bugs.webkit.org/show_bug.cgi?id=96467
Leif Halvard Silli
Reported
2012-09-11 22:06:38 PDT
SUMMARY: Video and audio files served with the popular open source e-Learning system ATutor (currently at version 2.0.3) cause the QuickTime plug-in to crash in WebKit and Safari for Windows, OSX and iOS. This QuickTime plug-in crash does however not affect other browsers when or if they use the QuickTime plug-in. (For example IE and Firefox and Opera are not affected.)

HOW TO REPLICATE, WITH ATUTOR 2.0.3

1. When trying to play e.g. an MP3 file - either by clicking a link or by activating an <audio> element player
2. ATutor sends a cookie such as this one (I split it over 3 lines):

   Set-Cookie: ATutorID=17bea4674128b984e18b7d5a73f1a138; path=/foo/, ATutorID=17bea4674128b984e18b7d5a73f1a138; path=/foo/

3. Note the comma on the second line. Note also the lack of semicolon.
4. Firefox interprets the above as two identical cookies, and thus it probably deletes the first cookie and keeps the last. Thus Firefox sees the above as equivalent to these two lines:

   Set-Cookie: A=B C=D;
   Set-Cookie: A=B C=D;

5. Safari, however, probably sees it as a single, very long cookie. We could describe it as ATutorID + ATutorID = ATutorIDATutorID

HOWEVER: This is difficult to verify because, although I can see the cookie(s) in my browser (iCab)’s console, I cannot find it in its cookie storage.

RESULTS:

A) As soon as I activate the MP3 file, I am kicked out of ATutor.
B) If the QuickTime player opened, then QuickTime crashes
C) If the Audio player opened, then the player halts - it loads and loads, but nothing happens.

THEORIES:

* Maybe the issue is that QuickTime is unable to handle the cookie?
* What speaks against that is that if I disable QuickTime (the iCab browser allows me to do that) I am still kicked out of ATutor when I click the MP3 link.
* Maybe the issue is that this "double" cookie causes the old cookie to be invalidated or unset, without a new cookie being set - with the result that I get logged out.

REFERENCES:

There is an ATutor bug report here:
* http://atutor.ca/atutor/mantis/view.php?id=5065#c5840

The ATutor bug report informs how you can experience the bug here:
* http://atutor.ca/atutor/demo/content.php?cid=5580

I suspect that this bug is related to Bug 62700
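An added example, not part of the original report and not any browser's code: the header value from the report run through two readings, a simplified RFC 6265 section 5.2 style parse (one cookie per header value) and a comma-splitting parse, plus a check a server-side test could use to flag the folded form. The function names and the CONTROL header are constructed for illustration.

```python
import re

# REPORTED is the header value quoted in the report; CONTROL is a constructed
# header whose only comma sits inside an Expires date.
REPORTED = ("ATutorID=17bea4674128b984e18b7d5a73f1a138; path=/foo/, "
            "ATutorID=17bea4674128b984e18b7d5a73f1a138; path=/foo/")
CONTROL = "sid=abc; Expires=Wed, 12 Sep 2012 10:00:00 GMT; Path=/"

# A comma directly followed by "token=" suggests two cookies were joined into
# one header value. The comma in an Expires date is followed by "12 Sep ...",
# which has no "=" right after the first token, so it does not match.
_FOLD = r",\s*(?=[^=;,\s]+=)"


def looks_comma_folded(value):
    """True if the Set-Cookie value appears to carry more than one cookie."""
    return re.search(_FOLD, value) is not None


def parse_single(value):
    """Simplified RFC 6265 section 5.2 style parse: the whole value is one cookie."""
    pair, _, rest = value.partition(";")
    name, _, val = pair.partition("=")
    attrs = []
    for chunk in rest.split(";"):
        if chunk.strip():
            key, _, attr_val = chunk.partition("=")
            attrs.append((key.strip().lower(), attr_val.strip()))
    # The last Path attribute wins; a value not starting with "/" means
    # "use the default path", represented here as None.
    paths = [v for k, v in attrs if k == "path"]
    path = paths[-1] if paths and paths[-1].startswith("/") else None
    return {"name": name.strip(), "value": val.strip(),
            "attrs": attrs, "path": path}


def parse_comma_split(value):
    """Alternative reading: split at each folding comma, parse every part."""
    return [parse_single(part) for part in re.split(_FOLD, value)]


if __name__ == "__main__":
    for header in (REPORTED, CONTROL):
        print("folded:", looks_comma_folded(header))
        print("  single:", parse_single(header))
        print("  split :", parse_comma_split(header))
```

Under the single-cookie reading the second `ATutorID=...` is absorbed into the value of the first `path` attribute, while the comma-splitting reading yields two identical cookies.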
Attachments
WebKitPluginHost_2012-09-12-030525_dataormen.crash (40.11 KB, application/octet-stream), 2012-09-12 17:51 PDT, Leif Halvard Silli
PluginProcess_2012-09-12-005812_localhost.crash (63.97 KB, application/octet-stream), 2012-09-12 17:52 PDT, Leif Halvard Silli
Leif Halvard Silli
Comment 1
2012-09-11 22:21:31 PDT
I am not sure if "media elements" refers to <audio> and <video> or if it refers to "media objects". If "media elements" is not the right component, then perhaps "web audio"? But if there had been a component for Cookies, then that would obviously have been the correct one.
Alexey Proskuryakov
Comment 2
2012-09-12 13:42:54 PDT
> There is an ATutor bug report here:
> * http://atutor.ca/atutor/mantis/view.php?id=5065#c5840
> The ATutor bug report informs how you can experience the bug here:
> * http://atutor.ca/atutor/demo/content.php?cid=5580

Both these links require login. Could you please provide a direct URL to a test case, and also attach a crash log?
Leif Halvard Silli
Comment 3
2012-09-12 15:38:25 PDT
DEMO without password wall. It requires two steps:

1) Visit course homepage: http://atutor.ca/atutor/demo/bounce.php?course=332
2) Visit the demo page: http://atutor.ca/atutor/demo/content.php?cid=5580

NOTE: The demo page contains an <a> link and an <audio> player.
NOTE: Because I removed the login requirement, you will - obviously - not experience being kicked out of the CMS.
Leif Halvard Silli
Comment 4
2012-09-12 17:16:42 PDT
(In reply to comment #3)
> NOTE: Because I removed the login requirement, you will - obviously - not experience being kicked out of the CMS.

FIRST: I am sorry, but it was probably not a good idea to use that server as that server is just an "off the shelf" demo installation, with a Content-Disposition header without the type parameter that I have fixed in my own installation.

SECOND: Though this is a "public" course, it turns out you may still get "logged out". And it turns out that, if you visit the page with Chrome or WebKit, then you get kicked out - and this is related to the media files. However, I suspect that it might be the Content-Disposition HTTP header bug that affects it in Chrome. (In Opera and Firefox, one does not get kicked out.)

THIRD: On my own server, where the Content-Disposition issue is fixed, Chrome does not get kicked out. On my private server, then it is only in Safari that the player stalls. But on the demo installation, then I note that even Chrome's player stalls.

Please let me know if this info helps. (In the meantime I will look into whether it is possible for me to create a better demo somewhere.)
Leif Halvard Silli
Comment 5
2012-09-12 17:51:33 PDT
Created attachment 163748 [details]
WebKitPluginHost_2012-09-12-030525_dataormen.crash
Leif Halvard Silli
Comment 6
2012-09-12 17:52:05 PDT
Created attachment 163749 [details]
PluginProcess_2012-09-12-005812_localhost.crash
Alexey Proskuryakov
Comment 7
2012-09-12 20:24:43 PDT
Thank you for the crash reports. Looking at these, I believe that this is not a WebKit issue, but an issue in a closed source Apple framework. Please report this bug to Apple via <http://bugreport.apple.com>, so that engineers working on this code could investigate. It would be best to first confirm whether this still happens on OS X 10.8.1, and to provide a URL where one can see this happen by simply opening it.

Marking INVALID as a non-WebKit issue. Thank you for reporting this!