homeGeek CultureWebstoreeCards!Forums!Joy of Tech!AY2K!webcam

Forum Home Post A Reply

my profile | directory login | | search | faq | forum home


» The Geek Culture Forums » Other Geeky Stuff » Ask a Geek! » How does an image crash a browser? » Post A Reply


Post A Reply
Login Name:
Password (max 13 characters):
Message Icon: Icon 1     Icon 2     Icon 3     Icon 4     Icon 5     Icon 6     Icon 7    
Icon 8     Icon 9     Icon 10     Icon 11     Icon 12     Icon 13     Icon 14    
Message:

HTML is not enabled.
UBB Code™ is enabled.

 

Instant Graemlins Instant UBB Code™
Smile   Frown   Embarrassed   Big Grin   Wink   Razz  
Cool   Roll Eyes   Mad   Eek!   Confused   Happytears  
blush   Beard of Peter Gabriel!   crazy   tired   ohwell   evil  
shake head   cry baby   hearts   weep   devil wand   thumbsup  
thumbsdown   Geek   Applause   Angel   Envy    
Insert URL Hyperlink - UBB Code™   Insert Email Address - UBB Code™
Bold - UBB Code™   Italics - UBB Code™
Quote - UBB Code™   Code Tag - UBB Code™
List Start - UBB Code™   List Item - UBB Code™
List End - UBB Code™   Image - UBB Code™

What is UBB Code™?
Options


Disable Graemlins in this post.


 


T O P I C     R E V I E W
RScottV
Member # 3540
 - posted March 29, 2006 20:26
Don't go to this page in Safari (use Firefox or Camino):

I am curious about how an image can crash a browser. Can someone explain this? (If possible, use simple terms please. I am not a programmer!) Thanks!
 
magefile
Member # 2918
 - posted March 29, 2006 21:31
Well, a picture, like anything else on a computer, is data. The browser interprets that data (or more likely, calls a library that interprets it). If the code that interprets that data is not correctly written, there may be cases where it can fall into an infinite loop, or try to access memory it shouldn't, or whatever.

Does that help?
 
GameMaster
Member # 1173
 - posted March 29, 2006 23:11
Generally, crashes are caused when:
- Stack overflows (VERY EVIL)
- Accesses memory it isn't allowed to (VERY EVIL)

Anything that is able to either of these is, in theory at the least -- in practice at the worst, exploitable by people who mean ill.
 
ASM65816
Member # 712
 - posted March 30, 2006 00:32
quote:
CRASH FILE at http://drunkenblog.com/jag_towcar.jpg
(Note: PhotoShop on Mac OS X can view this file -- No EXIF data for file.)

from Console:

Preview(208,0xa000ed68) malloc: *** vm_allocate(size=2415923200) failed (error code=3)
Preview(208,0xa000ed68) malloc: *** error: can't allocate region
Preview(208,0xa000ed68) malloc: *** set a breakpoint in szone_error to debug
Mar 30 02:50:10 xxxxxxxxxxxx-Computer crashdump[209]: Preview crashed
...
Command: Preview
Path: /Applications/Preview.app/Contents/MacOS/Preview
Parent: WindowServer [58]

Version: 3.0.4 (398)
Build Version: 1
Project Name: Preview
Source Version: 4090000

PID: 208
Thread: 0

Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x9000000e

Thread 0 Crashed:

from blog:
    It's remarkably similar to the "Safari Image of Doom" from awhile ago, although this time ImageIO seems to be choking during an EXIF routine, so I won't rehash what I said there.

Essentially Apple's graphics handler "trusts" the EXIF information (stuff like camera model, date of picture, etc). Unfortunately, the information is "very" wrong (says file is 2.4 GB), and applications crash on the attempt to read data from an invalid memory address.

Programs that render their own graphics (like PhotoShop or Firefox) aren't affected because invalid EXIF data is ignored.
 
Metasquares
Member # 4441
 - posted March 30, 2006 03:51
Does Apple know about this bug? It sounds exploitable.
 
dragonman97
Member # 780
 - posted March 30, 2006 06:08
quote:
Originally posted by Metasquares:
Does Apple know about this bug? It sounds exploitable.

Presently, they don't seem to care - this stuff has been reported to them a while ago. I believe DrunkenBlog is trying to press the issue by crashing lots of people's browsers. People are bitching and moaning about it in there, but the fact of the matter is, if there was a voluntary 'click here to crash your browser' link, no one would click it, or recognize how serious this matter is.
 
webmacster87
Member # 5018
 - posted March 30, 2006 06:31
Is it just the browser? Or could it also have something to do with the computer speed? (I'm using Camino, but I'm a little scared to click that link since I'm on a 366 MHz G3. [Razz] )
 
drunkennewfiemidget
Member # 2814
 - posted March 30, 2006 06:45
quote:
Originally posted by webmacster87:
Is it just the browser? Or could it also have something to do with the computer speed? (I'm using Camino, but I'm a little scared to click that link since I'm on a 366 MHz G3. [Razz] )

Nothing to do with system speed. Those kinds of errors (and judging by the looks of it, an exploitable one), have nothing to do with CPU speed, and everything to do with the code used to create the softare you're using.
 
ASM65816
Member # 712
 - posted March 30, 2006 08:12
Apparently Camino (and AOL) can view the image without crashing. (Try it... it's fun. [evil] ) Mac OS X seems pretty good about protecting execution and other privileges, so I think Apple "isn't worried" about crashes from infinite recursion (because the application, not the OS is affected). [shake head]
quote:
PHP falls down security hole

News Story by Matthew Broersma

APRIL 19, 2005 (TECHWORLD.COM) - Servers running PHP are vulnerable to a number of serious security exploits, including some that could allow an attacker to execute malicious code, as well as denial-of-service exploits, according to the PHP Group.

The project has issued updates fixing the bugs, available from the PHP Web site and directly from various operating system vendors. "All Users of PHP are strongly encouraged to upgrade to this release," the PHP Group said in its advisory.

PHP, an open-source programming language mainly for server-side applications, runs on server operating systems such as Linux, Unix, Mac OS X and Windows.

Several of the flaws were discovered in PHP's EXIF module, used to handle the Exchangeable Image file format (EXIF) specification used by digital cameras. A bug in the module's exif_process_IFD_TAG() function could be exploited by a specially crafted "Image File Directory" (IFD) tag to cause a buffer overflow and execute malicious code with the privileges of the PHP server, according to Mandriva, which issued its update yesterday.

A second EXIF module bug could lead to an infinite recursion, causing the executed program to crash.

Another flaw, first disclosed by iDefense, affects the "php_handle_iff()" and "php_handle_jpeg()" functions and could be exploited by a specially formed image to cause infinite loops and consume all available CPU resources, creating a denial of service. The PHP update fixes a number of other security flaws, mostly less serious, as well as non-security-related bugs.

Independent security firm Secunia originally gave the flaws a non-critical ranking, but later changed its rating to "highly critical" as more information came to light, the company said.

Updates are being distributed by Debian, Gentoo, Suse and others.


 
-ct-
Member # 209
 - posted March 30, 2006 12:54
lol, a "bug" that doesn't affect IE

[Cool]
 
RScottV
Member # 3540
 - posted March 30, 2006 19:47
Thanks for the help. It was interesting to read about!
 




Contact Us | Geek Culture Home Page

© 2015 Geek Culture

Powered by Infopop Corporation
UBB.classicTM 6.4.0



homeGeek CultureWebstoreeCards!Forums!Joy of Tech!AY2K!webcam