[haiku-bugs] Re: [Haiku] #13625: Webpositive crashes on URL

  • From: "accessays" <trac@xxxxxxxxxxxx>
  • Date: Fri, 28 Jul 2017 19:53:18 -0000

#13625: Webpositive crashes on URL
----------------------------------------+----------------------------
   Reporter:  vidrep                    |      Owner:  pulkomandy
       Type:  bug                       |     Status:  new
   Priority:  normal                    |  Milestone:  Unscheduled
  Component:  Applications/WebPositive  |    Version:  R1/Development
 Resolution:                            |   Keywords:
 Blocked By:                            |   Blocking:
Has a Patch:  1                         |   Platform:  All
----------------------------------------+----------------------------

Comment (by accessays):

 Replying to [comment:4 pulkomandy]:
 Here is what I get:
 {{{
     HTTPS: Resolving https://ir-na.amazon-adsystem.com/e/ir?t=thedigital02-20&l=ur2&o=1
     HTTPS: Hostname resolved to: 72.21.215.147:443
     HTTPS: Connection to ir-na.amazon-adsystem.com on port 443.
     HTTPS: Connection opened, sending request.
 --> HTTPS: Host: ir-na.amazon-adsystem.com
 --> HTTPS: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
 --> HTTPS: Accept-Encoding: gzip
 --> HTTPS: Connection: close
 --> HTTPS: User-Agent: Mozilla/5.0 (Macintosh; Intel Haiku R1 x86) AppleWebKit/602.1.19 (KHTML, like Gecko) WebPositive/1.2 Version/8.0 Safari/602.1.19
     HTTPS: Request sent.
     HTTPS: Status line received: Code 200 ()
 <-- HTTPS: Content-Type: image/gif
 <-- HTTPS: Connection: close
 <-- HTTPS: Content-Length: 42
 <-- HTTPS: Cache-Control: no-cache
 <-- HTTPS: Pragma: no-cached
 }}}
 And then the segment violation happens.
 What seemingly happens is that in `_GetLine()` `characterIndex` is
 assumed to never be 0 when the size of the input buffer is not zero, but since
 the headers end with LF LF instead of CRLF CRLF, there are no characters
 between the first and the second separators (i.e. no CR after the first LF), so
 `characterIndex` becomes 0 and that later causes it to overflow.
 Here are the values from `fInputBuffer->fImpl` at the time of the crash:

 `fBuffer`: `HTTP/1.1 200 \nContent-Type: image/gif\nConnection: close
 \nContent-Length: 42\nCache-Control: no-cache\nPragma: no-cache\n\nGIF89a...`[[BR]]
 `fBufferSize`: `318`[[BR]]
 `fBufferStart`: `117`[[BR]]
 `fBufferEnd`: `159`[[BR]]

 fBuffer has some zeroes at the end (GIF itself) that are not included.

--
Ticket URL: <https://dev.haiku-os.org/ticket/13625#comment:5>
Haiku <https://dev.haiku-os.org>
The Haiku operating system.
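
The failure mode described in the comment above, as an added example that is not part of the original post and is not Haiku's `_GetLine()`: a line reader that accepts both CRLF and bare LF and treats a zero-length line as valid. The names `readLine`, `parseHeaders` and `kLfOnlyResponse` are hypothetical, and the sample input is constructed from the header bytes quoted in the comment.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>
#include <vector>

// Constructed sample: the header bytes quoted in the comment, LF-only endings.
static const std::string kLfOnlyResponse =
    "HTTP/1.1 200 \nContent-Type: image/gif\nConnection: close\n"
    "Content-Length: 42\nCache-Control: no-cache\nPragma: no-cache\n\nGIF89a";

// Hypothetical helper: copies one line starting at `pos` into `line`,
// accepting CRLF or bare LF. Returns false if no complete line is buffered.
bool readLine(const std::string& buf, std::size_t& pos, std::string& line)
{
    std::size_t lf = buf.find('\n', pos);
    if (lf == std::string::npos)
        return false;
    std::size_t len = lf - pos;  // 0 is valid: the empty line ending the headers
    // Inspect the byte before LF only when the line has one. Without the
    // len > 0 guard, an unsigned `len - 1` wraps around for an empty line.
    if (len > 0 && buf[lf - 1] == '\r')
        --len;
    line.assign(buf, pos, len);
    pos = lf + 1;
    return true;
}

// Collects status line and headers; `bodyStart` is the offset past the empty
// line. Returns false if the header block is incomplete.
bool parseHeaders(const std::string& buf, std::vector<std::string>& lines,
                  std::size_t& bodyStart)
{
    std::size_t pos = 0;
    std::string line;
    while (readLine(buf, pos, line)) {
        if (line.empty()) {
            bodyStart = pos;
            return true;
        }
        lines.push_back(line);
    }
    return false;
}

int main()
{
    std::vector<std::string> lines;
    std::size_t body = 0;
    bool ok = parseHeaders(kLfOnlyResponse, lines, body);
    std::printf("complete=%d lines=%zu bodyStart=%zu\n", ok, lines.size(), body);
    return ok ? 0 : 1;
}
```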
