| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||
|---|---|---|---|---|---|---|---|---|---|
| 0002668 | NetSurf | Development | public | 2019-06-07 17:07 | 2019-07-19 09:27 | ||||
| Reporter | Vincent Sanders | ||||||||
| Assigned To | Vincent Sanders | ||||||||
| Severity | minor | Reproducibility | always | ||||||
| Status | closed | Resolution | fixed | ||||||
| Product Version | 3.9 | ||||||||
| Target Version | 3.9 | Fixed in Version | 3.9 | ||||||
| Summary | 0002668: out of bounds read | ||||||||
| Description | visit ign.com and get your very own oob access | ||||||||
| Additional Information | ==22739== Invalid read of size 1 ==22739== at 0x29C1EF: llcache_fetch_parse_cache_control (llcache.c:615) ==22739== by 0x29C1EF: llcache_fetch_header_cache_control (llcache.c:708) ==22739== by 0x29C1EF: llcache_fetch_process_header (llcache.c:810) ==22739== by 0x29D676: llcache_fetch_callback (llcache.c:2795) ==22739== by 0x21E64B: fetch_curl_header (curl.c:1393) ==22739== by 0x570829C: ??? (in /usr/lib/x86_64-linux-gnu/libcurl.so.4.4.0) ==22739== by 0x5706733: ??? (in /usr/lib/x86_64-linux-gnu/libcurl.so.4.4.0) ==22739== by 0x571FAE7: ??? (in /usr/lib/x86_64-linux-gnu/libcurl.so.4.4.0) ==22739== by 0x572AA65: ??? (in /usr/lib/x86_64-linux-gnu/libcurl.so.4.4.0) ==22739== by 0x572B6C0: curl_multi_perform (in /usr/lib/x86_64-linux-gnu/libcurl.so.4.4.0) ==22739== by 0x21FF63: fetch_curl_poll (curl.c:1219) ==22739== by 0x21C8DC: fetch_fdset (fetch.c:404) ==22739== by 0x2CD849: nsgtk_main (gui.c:404) ==22739== by 0x191492: main (gui.c:1206) ==22739== Address 0x1696132b is 0 bytes after a block of size 11 alloc'd ==22739== at 0x4C2BBAF: malloc (vg_replace_malloc.c:299) ==22739== by 0x9564409: strndup (strndup.c:43) ==22739== by 0x29BCA3: llcache_fetch_split_header (llcache.c:563) ==22739== by 0x29BCA3: llcache_fetch_process_header (llcache.c:797) ==22739== by 0x29D676: llcache_fetch_callback (llcache.c:2795) ==22739== by 0x21E64B: fetch_curl_header (curl.c:1393) ==22739== by 0x570829C: ??? (in /usr/lib/x86_64-linux-gnu/libcurl.so.4.4.0) ==22739== by 0x5706733: ??? (in /usr/lib/x86_64-linux-gnu/libcurl.so.4.4.0) ==22739== by 0x571FAE7: ??? (in /usr/lib/x86_64-linux-gnu/libcurl.so.4.4.0) ==22739== by 0x572AA65: ??? (in /usr/lib/x86_64-linux-gnu/libcurl.so.4.4.0) ==22739== by 0x572B6C0: curl_multi_perform (in /usr/lib/x86_64-linux-gnu/libcurl.so.4.4.0) ==22739== by 0x21FF63: fetch_curl_poll (curl.c:1219) ==22739== by 0x21C8DC: fetch_fdset (fetch.c:404) | ||||||||
| Tags | No tags attached. | ||||||||
| Fixed in CI build # | 4669 | ||||||||
| Reported in CI build # | |||||||||
| URL of problem page | https://ign.com/ | ||||||||
| Attached Files |
| ||||||||
 Relationships |
|
 Relationships |
| Notes |
|
Vincent Sanders (administrator) 2019-06-10 21:28 |
this was caused by HTTP Cache-Control headers with syntax errors in their max-age stanza. Any stanza missing an = would cause the parser to skip the null instead of the = it assumed it had found The ign site had some js files with headers like $ curl -I https://apps.ign.com/video-player/release/6.4.4/default.d730d0c6.js HTTP/1.1 200 OK x-amz-id-2: QfISQVIgmXMngH++A8//RhnV9J40jB3h3TeT3IclQja93dt9WSgQAmHBUGJopnfEsIJdsxfPsq0= x-amz-request-id: 279AA2EE607F084B Last-Modified: Wed, 29 May 2019 23:43:41 GMT x-amz-version-id: cmxp2ovMdBYsW8ygV.SV5J_9X7sm9_2j ETag: "dbe1d57019f29b46b183d3a21b3297b2" Content-Type: application/javascript Server: AmazonS3 Access-Control-Allow-Origin: * Content-Length: 1259479 Accept-Ranges: bytes Date: Mon, 10 Jun 2019 19:56:04 GMT Via: 1.1 varnish Age: 0 Connection: keep-alive X-Served-By: cache-lcy19268-LCY X-Cache: MISS X-Cache-Hits: 0 X-Timer: S1560196564.082379,VS0,VE171 Vary: Accept-Encoding Cache-Control: max-age:30 bug fixed in http://source.netsurf-browser.org/netsurf.git/commit/?id=e598dcd139d8221f828d542ccf6f03466a5aecdc |
|
Vincent Sanders (administrator) 2019-07-19 09:27 |
we believe this issue has been resolved in NetSurf 3.9 |
| Notes |
| Issue History |
|||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2019-06-07 17:07 | Vincent Sanders | New Issue | |
| 2019-06-09 15:08 | Vincent Sanders | Assigned To | => Vincent Sanders |
| 2019-06-09 15:08 | Vincent Sanders | Status | new => confirmed |
| 2019-06-10 21:28 | Vincent Sanders | Status | confirmed => resolved |
| 2019-06-10 21:28 | Vincent Sanders | Resolution | open => fixed |
| 2019-06-10 21:28 | Vincent Sanders | Fixed in Version | => 3.9 |
| 2019-06-10 21:28 | Vincent Sanders | Fixed in CI build # | => 4669 |
| 2019-06-10 21:28 | Vincent Sanders | Note Added: 0001956 | |
| 2019-07-19 09:27 | Vincent Sanders | Status | resolved => closed |
| 2019-07-19 09:27 | Vincent Sanders | Note Added: 0002002 | |
| Issue History |