Open
Bug 264999
Opened 20 years ago
Updated 2 years ago
atoms do not handle embedded NUL characters
Categories
(Core :: XPCOM, defect)
Tracking
REOPENED
People
(Reporter: mrbkap, Unassigned)
While debugging bug 264956, bz and I found that atoms do not handle embedded NUL
characters. This was an issue because we were given "input\0AAA" so the parser
was creating a user-defined node, but when we later created an atom out of it, it
came back as "input", so we ended up trying to QI as an input element and crashing.
The fix to bug 264956 prevents this now, but as NULs can also come through
attributes, and these also get turned into atoms, this is still a problem.
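The truncation described in this report, reduced to a sketch (an added example, not part of the original report and not Mozilla's atom code; `AtomTable`, `internCStr` and `internSized` are hypothetical names). A table that rediscovers the length with `strlen()` maps `"input\0AAA"` onto the `input` atom, while a length-aware one keeps the two names distinct.

```cpp
// Added illustration; all names here are hypothetical, not Mozilla's XPCOM API.
#include <cstdio>
#include <cstring>
#include <string>
#include <unordered_set>
class AtomTable {
 public:
  // Flawed: length is rediscovered with strlen(), so everything after the
  // first NUL is dropped before the lookup.
  const std::string* internCStr(const char* s) {
    return &*table_.emplace(s, std::strlen(s)).first;
  }
  // Length-aware: the caller's length is authoritative; NUL is ordinary data.
  const std::string* internSized(const char* s, std::size_t len) {
    return &*table_.emplace(s, len).first;
  }
 private:
  // Node-based container: element addresses stay valid across rehashing,
  // so pointer equality works as atom identity.
  std::unordered_set<std::string> table_;
};

// Constructed input matching the report: the 9-character name "input\0AAA".
static const char kTag[] = "input\0AAA";
static const std::size_t kTagLen = sizeof(kTag) - 1;

// True when the odd tag name resolves to the same atom as "input".
bool truncatingAtomCollides() {
  AtomTable t;
  const std::string* input = t.internCStr("input");
  return t.internCStr(kTag) == input;
}

bool sizedAtomCollides() {
  AtomTable t;
  const std::string* input = t.internSized("input", 5);
  return t.internSized(kTag, kTagLen) == input;
}

std::size_t sizedAtomLength() {
  AtomTable t;
  return t.internSized(kTag, kTagLen)->size();
}

int main() {
  std::printf("strlen-based collides: %d, length-aware collides: %d, length: %zu\n",
              truncatingAtomCollides(), sizedAtomCollides(), sizedAtomLength());
}
```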
Comment 1•20 years ago
To be precise, our mutation event code atomizes attribute _values_. Which can
well contain nulls.
XUL elements atomize all attribute values smaller than a certain size. All
other elements should as well, though I don't think I actually flicked the
switch on that.
Comment 3•20 years ago
I don't believe null characters are ever valid characters in XML data, but maybe
they can in HTML... But I don't think there's anything preventing them from
coming in through the DOM...
Comment 4•20 years ago
FYI, I fixed Atom and friends to handle NUL in bug 228856 (Patch2).
Depends on: CVE-2008-5510
Updated•18 years ago
Assignee: dougt → nobody
QA Contact: xpcom
Updated•12 years ago
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
Comment 6•12 years ago
The patch that Mats wrote, fixing Atom, was never applied (as far as I know). We went with a different, narrower fix in the CSS parser for bug 228856.
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
Updated•2 years ago
Severity: normal → S3