-
Bug
-
Resolution: Unresolved
-
P5
-
8u112, 9
-
OS X 10.10.5
java -version
java version "1.8.0_112"
Java(TM) SE Runtime Environment (build 1.8.0_112-b16)
Java HotSpot(TM) 64-Bit Server VM (build 25.112-b16, mixed mode)java -version
java version "9-ea"
Java(TM) SE Runtime Environment (build 9-ea+151)
Java HotSpot(TM) 64-Bit Server VM (build 9-ea+151, mixed mode)OS X 10.10.5 java -version java version "1.8.0_112" Java(TM) SE Runtime Environment (build 1.8.0_112-b16) Java HotSpot(TM) 64-Bit Server VM (build 25.112-b16, mixed mode) java -version java version "9-ea" Java(TM) SE Runtime Environment (build 9-ea+151) Java HotSpot(TM) 64-Bit Server VM (build 9-ea+151, mixed mode)
-
os_x
On OS X 10.10.5, when dragging a transfer object "http://www.cnn.com/\r\n" as type "text/uri-list" to Safari, Safari crashes and the system becomes unstable (programs don't start or stop anymore, webpages don't open, etc.)
When omitting the CRLF, i.e. using "http://www.cnn.com/" this works as expected. However, https://tools.ietf.org/html/rfc2483 specifies in §5:
"As for all text/* formats, lines are terminated with a CRLF pair."
I interpret this to mean that any line may be terminated with a CRLF, regardless of whether something follows or not. And even if the data was malformed somehow, a simple drag should never cause systemwide problems. Therefore we have to be more careful with what we pass to the system.
To reproduce, start the attached file and drag the label to an open Safari pane. The issue can be reproduced reliable with 8u112 and 9-ea+151.
In the console, you will see messages like this:
2017-01-06 11:33:50.471 java[950:28149] __CFPasteboardIssueSandboxExtensionForPath : sandbox extension creation failed: caller requested extension for path that could not be resolved to an absolute path: [http://www.cnn.com/
]
2017-01-06 11:33:50.472 java[950:28016] __CFPasteboardIssueSandboxExtensionForPath : sandbox extension creation failed: caller requested extension for path that could not be resolved to an absolute path: [/
]
2017-01-06 11:33:50.472 java[950:28016] __CFPasteboardCreateSandboxExtensionDataFromCFData : failed to obtain sandbox extension data for url [http://www.cnn.com/%0D%0A]
Workaround:
Make sure not to end a single line uri-list with CRLF.
When omitting the CRLF, i.e. using "http://www.cnn.com/" this works as expected. However, https://tools.ietf.org/html/rfc2483 specifies in §5:
"As for all text/* formats, lines are terminated with a CRLF pair."
I interpret this to mean that any line may be terminated with a CRLF, regardless of whether something follows or not. And even if the data was malformed somehow, a simple drag should never cause systemwide problems. Therefore we have to be more careful with what we pass to the system.
To reproduce, start the attached file and drag the label to an open Safari pane. The issue can be reproduced reliable with 8u112 and 9-ea+151.
In the console, you will see messages like this:
2017-01-06 11:33:50.471 java[950:28149] __CFPasteboardIssueSandboxExtensionForPath : sandbox extension creation failed: caller requested extension for path that could not be resolved to an absolute path: [http://www.cnn.com/
]
2017-01-06 11:33:50.472 java[950:28016] __CFPasteboardIssueSandboxExtensionForPath : sandbox extension creation failed: caller requested extension for path that could not be resolved to an absolute path: [/
]
2017-01-06 11:33:50.472 java[950:28016] __CFPasteboardCreateSandboxExtensionDataFromCFData : failed to obtain sandbox extension data for url [http://www.cnn.com/%0D%0A]
Workaround:
Make sure not to end a single line uri-list with CRLF.
- relates to
-
-
- Resolved
-
-
-
- Resolved
-