| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: denis.mcmahon at ntlworld.com (Denis McMahon) Subject: driver for display goes to a infinite loop by viewing a html! Ferris, Robin wrote: > Had to remotely kill IEXPLORE.EXE because PC basically started to > freeze. Is this not because the picture was soo big? It looked like a > big black nothing to me anyways. Here's the html for that page: <html> <p>Bipin Gautam</p> <img width=9999999 height=9999999 src="crazy.jpg" </html> <!-- text below generated by server. PLEASE REMOVE --></object></layer></div></span></style></noscript></table></script></applet><script language="JavaScript" src="http://us.i1.yimg.com/us.yimg.com/i/mc/mc.js"></script><script language="JavaScript" src="http://geocities.com/js_source/geov2.js"></script><script language="javascript">geovisit();</script><noscript><img src="http://visit.webhosting.yahoo.com/visit.gif?us1092232234" alt="setstats" border="0" width="1" height="1"></noscript> <IMG SRC="http://geo.yahoo.com/serv?s=76001067&t=1092232234" ALT=1 WIDTH=1 HEIGHT=1> Ignoring the rubbish after the closing tab: <html> <p>Bipin Gautam</p> <img width=9999999 height=9999999 src="crazy.jpg" </html> No head element No body element img element is not terminated img size parameters are stupidly large, expecially as the image is a 203 x 152 24 bpp jpg. I imagine resizing a 203 x 152 image to a 9999999 x 9999999 display is part of the problem. I imagine that mapping that display object size to the actual screen resolution might be another part of it. I guess the totally malformed html may not be helping. Servers that further break malformed documents can't be helping either. Denis
Powered by blists - more mailing lists