Open
Bug 1063986
Opened 10 years ago
Updated 2 years ago
Unknown file starting with NUL NUL SOH NUL parsed as image/x-icon
Categories
(Core :: Graphics: ImageLib, defect)
Tracking
()
NEW
People
(Reporter: obrufau, Unassigned)
Details
Attachments
(1 file)
4 bytes,
application/octet-stream
|
Details |
User Agent: Mozilla/5.0 (Windows NT 5.1; rv:35.0) Gecko/20100101 Firefox/35.0 Build ID: 20140906030204 Steps to reproduce: Create a file starting with NUL NUL SOH NUL. For example, see the attached demo. Let the file have no extension, or an unknown one. Open it using the file scheme, or served by a server without Content-Type header. Actual results: Firefox attempts to parse the file as an image/x-icon image. Expected results: Firefox shouldn't think that an unknown file is an image. In my case the file was a log file created by Microsoft Tracelog (.etl). It started with those characters and somehow it got opened with Firefox. Confusingly, Firefox said it was a broken image.
Comment 1•10 years ago
|
||
A browser tries to detect the filetype if no content-type is available. That detection is not error free and a security risk if done wrong and that is the reason why newer http protocols require that a server sends a content-type header. The file detection is a complicated task and the unknown content decoder tries various things to detect the filetype. It looks at the url (e.g. http://example.com/test.gif, file:///c:/test.gif) and then at the content of the file itself. In some cases magic numbers (http://en.wikipedia.org/wiki/Magic_number_%28programming%29#Magic_numbers_in_files) are used to detect the filetype and in this case you found the magic number for image/x-icon. The place where it happens is here: http://mxr.mozilla.org/mozilla-central/source/image/src/imgLoader.cpp#2238 BTW: Google Chrome is using the same magic numbers: https://chromium.googlesource.com/chromium/src/net/+/master/base/mime_sniffer.cc (line 229) Is the detection wrong ? Yes Is that a bug that should be fixed ? Most likely not So i suggest to close this as wontfix Moving to imagelib (the unknown content decoder is in network but the image detection is part of imagelib)
Status: UNCONFIRMED → NEW
Component: Untriaged → ImageLib
Ever confirmed: true
Product: Firefox → Core
Thanks for the explanation. But I think that if Firefox makes a guess to parse an unknown file, it should notify the user. Like "remember password", there could appear an icon at the left of the location bar with a message explaining firefox is not sure of type of the file. In that message there should be a way to parse the file again using a custom mime type.
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•