Closed
Bug 483209
Opened 16 years ago
Closed 15 years ago
[HTML5] The HTML5 parser needs limits on internal buffer growth
Categories
(Core :: DOM: HTML Parser, defect, P2)
RESOLVED
WONTFIX
People
(Reporter: hsivonen, Assigned: hsivonen)
Details
(Whiteboard: [sg:dos])
The internal buffers of the HTML5 parser probably shouldn't grow until OOM, if an attacker sends an infinite file.
Updated•16 years ago
Priority: -- → P2
Updated•15 years ago
Blocks: html5-parsing
Whiteboard: [sg:dos]
Updated•15 years ago
Status: NEW → ASSIGNED
Comment 1•15 years ago
http://hg.mozilla.org/mozilla-central/rev/a0f0fde99844
This puts a hard limit on everything except the list of formatting elements. I'll leave this open until either:
1) I figure out how a limit on the list of formatting elements should behave.
or
2) I convince myself that having a limit on the stack is enough and has the right side effects.
Comment 2•15 years ago
The previous attempt to fix this by guesswork wasn't successful and caused bug 554513.
As far as I can tell, the old parser only has a limit of 200 on the depth of the stack. I left the same limit in the HTML5 parser. (IIRC, the old sink previously had a limit of 4096 PRUnichars on the text node size, but I can no longer find that limit, so I guess it has been removed.)
Except for the stack limit of 200, I'm inclined to mark this bug WONTFIX on the basis that the old parser didn't have these limits.
Comment 3•15 years ago
I filed bug 555899 to have a separate bug number for the FIXED part.
I'm now marking this one WONTFIX on the grounds that the old parser seems to allow buffers to grow without limit.
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → WONTFIX