This is topic How does an image crash a browser? in forum Ask a Geek! at The Geek Culture Forums.


To visit this topic, use this URL:
http://www.geekculture.com/cgi-bin/ultimatebb/ultimatebb.cgi?ubb=get_topic;f=12;t=001983

Posted by RScottV (Member # 3540) on March 29, 2006, 20:26:
 
Don't go to this page in Safari (use Firefox or Camino):

I am curious about how an image can crash a browser. Can someone explain this? (If possible, use simple terms please. I am not a programmer!) Thanks!
 
Posted by magefile (Member # 2918) on March 29, 2006, 21:31:
 
Well, a picture, like anything else on a computer, is data. The browser interprets that data (or more likely, calls a library that interprets it). If the code that interprets that data is not correctly written, there may be cases where it can fall into an infinite loop, or try to access memory it shouldn't, or whatever.

Does that help?
 
Posted by GameMaster (Member # 1173) on March 29, 2006, 23:11:
 
Generally, crashes are caused when:
- Stack overflows (VERY EVIL)
- Accesses memory it isn't allowed to (VERY EVIL)

Anything that is able to either of these is, in theory at the least -- in practice at the worst, exploitable by people who mean ill.
 
Posted by ASM65816 (Member # 712) on March 30, 2006, 00:32:
 
quote:
CRASH FILE at http://drunkenblog.com/jag_towcar.jpg
(Note: PhotoShop on Mac OS X can view this file -- No EXIF data for file.)

from Console:

Preview(208,0xa000ed68) malloc: *** vm_allocate(size=2415923200) failed (error code=3)
Preview(208,0xa000ed68) malloc: *** error: can't allocate region
Preview(208,0xa000ed68) malloc: *** set a breakpoint in szone_error to debug
Mar 30 02:50:10 xxxxxxxxxxxx-Computer crashdump[209]: Preview crashed
...
Command: Preview
Path: /Applications/Preview.app/Contents/MacOS/Preview
Parent: WindowServer [58]

Version: 3.0.4 (398)
Build Version: 1
Project Name: Preview
Source Version: 4090000

PID: 208
Thread: 0

Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x9000000e

Thread 0 Crashed:

from blog:
    It's remarkably similar to the "Safari Image of Doom" from awhile ago, although this time ImageIO seems to be choking during an EXIF routine, so I won't rehash what I said there.

Essentially Apple's graphics handler "trusts" the EXIF information (stuff like camera model, date of picture, etc). Unfortunately, the information is "very" wrong (says file is 2.4 GB), and applications crash on the attempt to read data from an invalid memory address.

Programs that render their own graphics (like PhotoShop or Firefox) aren't affected because invalid EXIF data is ignored.
 
Posted by Metasquares (Member # 4441) on March 30, 2006, 03:51:
 
Does Apple know about this bug? It sounds exploitable.
 
Posted by dragonman97 (Member # 780) on March 30, 2006, 06:08:
 
quote:
Originally posted by Metasquares:
Does Apple know about this bug? It sounds exploitable.

Presently, they don't seem to care - this stuff has been reported to them a while ago. I believe DrunkenBlog is trying to press the issue by crashing lots of people's browsers. People are bitching and moaning about it in there, but the fact of the matter is, if there was a voluntary 'click here to crash your browser' link, no one would click it, or recognize how serious this matter is.
 
Posted by webmacster87 (Member # 5018) on March 30, 2006, 06:31:
 
Is it just the browser? Or could it also have something to do with the computer speed? (I'm using Camino, but I'm a little scared to click that link since I'm on a 366 MHz G3. [Razz] )
 
Posted by drunkennewfiemidget (Member # 2814) on March 30, 2006, 06:45:
 
quote:
Originally posted by webmacster87:
Is it just the browser? Or could it also have something to do with the computer speed? (I'm using Camino, but I'm a little scared to click that link since I'm on a 366 MHz G3. [Razz] )

Nothing to do with system speed. Those kinds of errors (and judging by the looks of it, an exploitable one), have nothing to do with CPU speed, and everything to do with the code used to create the softare you're using.
 
Posted by ASM65816 (Member # 712) on March 30, 2006, 08:12:
 
Apparently Camino (and AOL) can view the image without crashing. (Try it... it's fun. [evil] ) Mac OS X seems pretty good about protecting execution and other privileges, so I think Apple "isn't worried" about crashes from infinite recursion (because the application, not the OS is affected). [shake head]
quote:
PHP falls down security hole

News Story by Matthew Broersma

APRIL 19, 2005 (TECHWORLD.COM) - Servers running PHP are vulnerable to a number of serious security exploits, including some that could allow an attacker to execute malicious code, as well as denial-of-service exploits, according to the PHP Group.

The project has issued updates fixing the bugs, available from the PHP Web site and directly from various operating system vendors. "All Users of PHP are strongly encouraged to upgrade to this release," the PHP Group said in its advisory.

PHP, an open-source programming language mainly for server-side applications, runs on server operating systems such as Linux, Unix, Mac OS X and Windows.

Several of the flaws were discovered in PHP's EXIF module, used to handle the Exchangeable Image file format (EXIF) specification used by digital cameras. A bug in the module's exif_process_IFD_TAG() function could be exploited by a specially crafted "Image File Directory" (IFD) tag to cause a buffer overflow and execute malicious code with the privileges of the PHP server, according to Mandriva, which issued its update yesterday.

A second EXIF module bug could lead to an infinite recursion, causing the executed program to crash.

Another flaw, first disclosed by iDefense, affects the "php_handle_iff()" and "php_handle_jpeg()" functions and could be exploited by a specially formed image to cause infinite loops and consume all available CPU resources, creating a denial of service. The PHP update fixes a number of other security flaws, mostly less serious, as well as non-security-related bugs.

Independent security firm Secunia originally gave the flaws a non-critical ranking, but later changed its rating to "highly critical" as more information came to light, the company said.

Updates are being distributed by Debian, Gentoo, Suse and others.


 
Posted by -ct- (Member # 209) on March 30, 2006, 12:54:
 
lol, a "bug" that doesn't affect IE

[Cool]
 
Posted by RScottV (Member # 3540) on March 30, 2006, 19:47:
 
Thanks for the help. It was interesting to read about!
 


© 2015 Geek Culture

Powered by Infopop Corporation
UBB.classicTM 6.4.0