Possible memory corruption problems in Apple Safari
Hello,
I was playing around with Safari the other day and noticed that it
crashes solid if you convince it to visit:
data://<h1>crash</h1>
Typing it into the address bar is sufficient for testing and crashes
the browser completely. I loaded up Safari in gdb to see where it
crashes and got the following result:
> Program received signal EXC_BAD_ACCESS, Could not access memory.
> Reason: KERN_INVALID_ADDRESS at address: 0x076fffff
> [Switching to process 266 thread 0x6403]
> 0xffff8ce4 in ___memcpy ()
The fact that random data from the Internet is causing problems with
memcpy worries me. I haven't figured out how to change the arguments
to memcpy, but it seems possible. Hopefully someone that knows more
about debugging threaded Objective-C programs running on PPC can
look into it. I'm more of a simple x86/C person myself :)
Just for reference, it seems that Safari needs a very specific set of
inputs to actually crash:
data://<h>/ doesn't crash
but
data://<h>/< does
(also data://<crash>test</crash> doesn't crash... the h in <h1> seems
important somehow).
Regards (and good luck),
Jonathan Rockway
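The report above shows a memcpy() fault triggered by attacker-supplied bytes in a data: URL, which is the classic symptom of a copy whose length is derived from input without being checked against the destination buffer. The following is an added illustration, not Safari's code and not the actual bug: a small bounds-checked data: URL parser in C. Every memcpy() length is computed from the source string and compared with the destination capacity before the copy, so the three inputs from the report (and an oversized payload) are either parsed or rejected, never copied out of bounds. The struct sizes, the lenient handling of a comma-less URL, and the demo_oversized() helper are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical buffer sizes chosen for this example. */
#define MAX_MEDIATYPE 64
#define MAX_PAYLOAD   4096

typedef struct {
    char   mediatype[MAX_MEDIATYPE];
    char   payload[MAX_PAYLOAD];
    size_t payload_len;
    int    base64;
} data_url;

/* Parse "data:[<mediatype>][;base64],<data>" (RFC 2397 shape).
 * Returns 0 on success, -1 if the input is not a data: URL or if any part
 * would not fit its destination buffer. The point of the example: both
 * memcpy() lengths are checked before the copy happens. */
int parse_data_url(const char *url, data_url *out)
{
    static const char scheme[] = "data:";
    static const char b64tag[] = ";base64";
    const size_t slen = sizeof scheme - 1;
    const size_t blen = sizeof b64tag - 1;
    const char *head, *body, *comma;
    size_t head_len, body_len;

    if (url == NULL || out == NULL)
        return -1;
    memset(out, 0, sizeof *out);
    if (strncmp(url, scheme, slen) != 0)
        return -1;

    head = url + slen;
    comma = strchr(head, ',');
    if (comma != NULL) {
        head_len = (size_t)(comma - head);
        body = comma + 1;
    } else {
        /* Assumption for this example: a comma-less URL such as the
         * reporter's data://<h1>crash</h1> is treated as an empty media
         * type with the whole remainder as payload. */
        head_len = 0;
        body = head;
    }

    /* Media type: must leave room for the NUL terminator. */
    if (head_len >= sizeof out->mediatype)
        return -1;
    memcpy(out->mediatype, head, head_len);
    out->mediatype[head_len] = '\0';
    if (head_len >= blen &&
        memcmp(out->mediatype + head_len - blen, b64tag, blen) == 0) {
        out->base64 = 1;
        out->mediatype[head_len - blen] = '\0';
    }

    /* Payload: same check, length taken from the source string. */
    body_len = strlen(body);
    if (body_len >= sizeof out->payload)
        return -1;
    memcpy(out->payload, body, body_len);
    out->payload[body_len] = '\0';
    out->payload_len = body_len;
    return 0;
}

/* Constructs a URL whose payload is one byte too large for the struct and
 * returns the parser's verdict; the expected result is -1 (rejected),
 * with nothing written past the buffer. */
int demo_oversized(void)
{
    char buf[sizeof "data:," + MAX_PAYLOAD + 1];
    data_url d;
    memcpy(buf, "data:,", 6);
    memset(buf + 6, 'A', MAX_PAYLOAD + 1);
    buf[6 + MAX_PAYLOAD + 1] = '\0';
    return parse_data_url(buf, &d);
}

int main(void)
{
    /* The three inputs quoted in the report. */
    const char *samples[] = { "data://<h1>crash</h1>", "data://<h>/",
                              "data://<h>/<" };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        data_url d;
        int rc = parse_data_url(samples[i], &d);
        printf("%-24s rc=%d payload_len=%zu\n", samples[i], rc,
               rc == 0 ? d.payload_len : (size_t)0);
    }
    printf("oversized payload rc=%d\n", demo_oversized());
    return 0;
}
```

Running it parses all three reporter inputs without touching memory outside the struct, and the oversized case is refused up front rather than copied; that refusal before the copy is the check whose absence a fault inside ___memcpy() usually indicates.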