Closed
Bug 483209
Opened 16 years ago
Closed 15 years ago
[HTML5] The HTML5 parser needs limits on internal buffer growth
Categories
(Core :: DOM: HTML Parser, defect, P2)
RESOLVED
WONTFIX
People
(Reporter: hsivonen, Assigned: hsivonen)
Details
(Whiteboard: [sg:dos])
The internal buffers of the HTML5 parser probably shouldn't grow until OOM, if an attacker sends an infinite file.
Updated (Assignee) • 16 years ago
Priority: -- → P2
Updated • 15 years ago
Blocks: html5-parsing
Whiteboard: [sg:dos]
Updated (Assignee) • 15 years ago
Status: NEW → ASSIGNED
Comment 1 (Assignee) • 15 years ago
http://hg.mozilla.org/mozilla-central/rev/a0f0fde99844
This puts a hard limit on everything except the list of formatting elements. I'll leave this open until either:
1) I figure out how a limit on the list of formatting elements should behave.
or
2) I convince myself that having a limit on the stack is enough and has the right side effects.
Comment 2 (Assignee) • 15 years ago
The previous attempt to fix this by guesswork wasn't successful and caused bug 554513.
As far as I can tell, the old parser only has a limit of 200 on the depth of the stack. I left the same limit in the HTML5 parser. (IIRC, the old sink previously had a limit of 4096 PRUnichars on the text node size, but I can no longer find that limit, so I guess it has been removed.)
Except for the stack limit of 200, I'm inclined to mark this bug WONTFIX on the basis that the old parser didn't have these limits.
Comment 3 (Assignee) • 15 years ago
I filed bug 555899 to have a separate bug number for the FIXED part.
I'm now marking this one WONTFIX on the grounds that the old parser seems to allow buffers to grow without limit.
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → WONTFIX