lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Thu, 19 Apr 2007 21:30:14 +0200
From: simone colombo <colombo.simone@...il.com>
To: The Anarcat <anarcat@...rcat.ath.cx>
Cc: bugtraq@...urityfocus.com
Subject: Re: Internet Explorer Crash

The Anarcat ha scritto:
> Actually, this also crashes Mozilla/5.0 (X11; U; Linux i686; en-US;
> rv:1.8.1.3) Gecko/20070310 Iceweasel/2.0.0.3 (Debian-2.0.0.3-1)
>
> I would think that Firefox and most browsers implementing javascript
> would die an horrible OOM death on this.
>   

Actually, FF on Linux just slows down for a while... memory allocation 
(RSS) for the process goes up untill it reaches ~800Mb, then I see an 
"out of memory" error in FF's javascript console and then... nothing.

No crashes of any kind.

Kernel's OOMkiller didn't got involved.

Disk I/O skyrocketed - of course - beacuse the system started to swap 
pretty soon (on a machine with 1Gb of physical memory).

It seems Firefox's JS engine is smart enough to catch the problem and 
shut down the bad script before it's too late... to the point I was able 
to browse normally after the tests, without any noticeable after-effect.

Also it seems that other people were doing their little experiments on 
this issue before anyone of us:

http://datadriven.com.au/2007/02/07/javascript-recursion-experiment/

This guy also tested Opera, not just IE & FF: he was looking for OOM 
problems in the variuos JS engines and for problems in detecting and 
halting infinite recursions too. He reached the conclusion that Opera 
seems to be the one reacting better to those two issues, although I 
can't confirm (I just don't bother).

I found the link after 2 minutes, searching on Google (using the same FF 
instance I "tested", by the way ;-) ).

Tested PoC on:
- Firefox/2.0.0.1
- Linux 2.6.18.2
- GNU libc 2.3.6
- GCC 3.4.4

--
SC

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ