homeGeek CultureWebstoreeCards!Forums!Joy of Tech!AY2K!webcam

The Geek Culture Forums


Post New Topic  New Poll  Post A Reply
my profile | directory login | | search | faq | forum home
  next oldest topic   next newest topic
» The Geek Culture Forums   » Other Geeky Stuff   » Ask a Geek!   » How does an image crash a browser?

 - UBBFriend: Email this page to someone!    
Author Topic: How does an image crash a browser?
RScottV

SuperFan!
Member # 3540

Member Rated:
5
Icon 1 posted March 29, 2006 20:26      Profile for RScottV     Send New Private Message       Edit/Delete Post   Reply With Quote 
Don't go to this page in Safari (use Firefox or Camino):

I am curious about how an image can crash a browser. Can someone explain this? (If possible, use simple terms please. I am not a programmer!) Thanks!

Posts: 211 | From: Saint Paul, MN | Registered: Feb 2005  |  IP: Logged
magefile
Highlie
Member # 2918

Member Rated:
5
Icon 1 posted March 29, 2006 21:31      Profile for magefile     Send New Private Message       Edit/Delete Post   Reply With Quote 
Well, a picture, like anything else on a computer, is data. The browser interprets that data (or more likely, calls a library that interprets it). If the code that interprets that data is not correctly written, there may be cases where it can fall into an infinite loop, or try to access memory it shouldn't, or whatever.

Does that help?

--------------------
Let them be stupid - the market will sort it out.

Posts: 743 | From: Massachusetts | Registered: Aug 2004  |  IP: Logged
GameMaster
BlabberMouth, a Blabber Odyssey
Member # 1173

Member Rated:
4
Icon 1 posted March 29, 2006 23:11      Profile for GameMaster   Author's Homepage     Send New Private Message       Edit/Delete Post   Reply With Quote 
Generally, crashes are caused when:
- Stack overflows (VERY EVIL)
- Accesses memory it isn't allowed to (VERY EVIL)

Anything that is able to either of these is, in theory at the least -- in practice at the worst, exploitable by people who mean ill.

--------------------
My Site

Posts: 3038 | From: State of insanity | Registered: Mar 2002  |  IP: Logged
ASM65816
SuperBlabberMouth!
Member # 712

Member Rated:
2
Icon 4 posted March 30, 2006 00:32      Profile for ASM65816   Author's Homepage     Send New Private Message       Edit/Delete Post   Reply With Quote 
quote:
CRASH FILE at http://drunkenblog.com/jag_towcar.jpg
(Note: PhotoShop on Mac OS X can view this file -- No EXIF data for file.)

from Console:

Preview(208,0xa000ed68) malloc: *** vm_allocate(size=2415923200) failed (error code=3)
Preview(208,0xa000ed68) malloc: *** error: can't allocate region
Preview(208,0xa000ed68) malloc: *** set a breakpoint in szone_error to debug
Mar 30 02:50:10 xxxxxxxxxxxx-Computer crashdump[209]: Preview crashed
...
Command: Preview
Path: /Applications/Preview.app/Contents/MacOS/Preview
Parent: WindowServer [58]

Version: 3.0.4 (398)
Build Version: 1
Project Name: Preview
Source Version: 4090000

PID: 208
Thread: 0

Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x9000000e

Thread 0 Crashed:

from blog:
    It's remarkably similar to the "Safari Image of Doom" from awhile ago, although this time ImageIO seems to be choking during an EXIF routine, so I won't rehash what I said there.

Essentially Apple's graphics handler "trusts" the EXIF information (stuff like camera model, date of picture, etc). Unfortunately, the information is "very" wrong (says file is 2.4 GB), and applications crash on the attempt to read data from an invalid memory address.

Programs that render their own graphics (like PhotoShop or Firefox) aren't affected because invalid EXIF data is ignored.

--------------------
Once a proud programmer of Apple II's, he now spends his days and nights in cheap dives fraternizing with exotic dancers....

Posts: 1035 | From: Third rock from sun. | Registered: Mar 2001  |  IP: Logged
Metasquares
Highlie
Member # 4441

Member Rated:
5
Icon 1 posted March 30, 2006 03:51      Profile for Metasquares   Author's Homepage     Send New Private Message       Edit/Delete Post   Reply With Quote 
Does Apple know about this bug? It sounds exploitable.
Posts: 664 | From: Morganville, NJ | Registered: Oct 2005  |  IP: Logged
dragonman97

SuperFan!
Member # 780

Member Rated:
4
Icon 1 posted March 30, 2006 06:08      Profile for dragonman97   Author's Homepage     Send New Private Message       Edit/Delete Post   Reply With Quote 
quote:
Originally posted by Metasquares:
Does Apple know about this bug? It sounds exploitable.

Presently, they don't seem to care - this stuff has been reported to them a while ago. I believe DrunkenBlog is trying to press the issue by crashing lots of people's browsers. People are bitching and moaning about it in there, but the fact of the matter is, if there was a voluntary 'click here to crash your browser' link, no one would click it, or recognize how serious this matter is.

--------------------
There are three things you can be sure of in life: Death, taxes, and reading about fake illnesses online...

Posts: 9332 | From: Westchester County, New York | Registered: May 2001  |  IP: Logged
webmacster87
Geek Apprentice
Member # 5018

Rate Member
Icon 1 posted March 30, 2006 06:31      Profile for webmacster87   Author's Homepage     Send New Private Message       Edit/Delete Post   Reply With Quote 
Is it just the browser? Or could it also have something to do with the computer speed? (I'm using Camino, but I'm a little scared to click that link since I'm on a 366 MHz G3. [Razz] )

--------------------
Phew, I finally registered on here.
Webmacster87.info (my blog)

Posts: 42 | From: SF Bay Area, CA, USA | Registered: Mar 2006  |  IP: Logged
drunkennewfiemidget
BlabberMouth, a Blabber Odyssey
Member # 2814

Member Rated:
4
Icon 1 posted March 30, 2006 06:45      Profile for drunkennewfiemidget     Send New Private Message       Edit/Delete Post   Reply With Quote 
quote:
Originally posted by webmacster87:
Is it just the browser? Or could it also have something to do with the computer speed? (I'm using Camino, but I'm a little scared to click that link since I'm on a 366 MHz G3. [Razz] )

Nothing to do with system speed. Those kinds of errors (and judging by the looks of it, an exploitable one), have nothing to do with CPU speed, and everything to do with the code used to create the softare you're using.
Posts: 4897 | From: Cambridge, ON, Canada | Registered: Jun 2004  |  IP: Logged
ASM65816
SuperBlabberMouth!
Member # 712

Member Rated:
2
Icon 1 posted March 30, 2006 08:12      Profile for ASM65816   Author's Homepage     Send New Private Message       Edit/Delete Post   Reply With Quote 
Apparently Camino (and AOL) can view the image without crashing. (Try it... it's fun. [evil] ) Mac OS X seems pretty good about protecting execution and other privileges, so I think Apple "isn't worried" about crashes from infinite recursion (because the application, not the OS is affected). [shake head]
quote:
PHP falls down security hole

News Story by Matthew Broersma

APRIL 19, 2005 (TECHWORLD.COM) - Servers running PHP are vulnerable to a number of serious security exploits, including some that could allow an attacker to execute malicious code, as well as denial-of-service exploits, according to the PHP Group.

The project has issued updates fixing the bugs, available from the PHP Web site and directly from various operating system vendors. "All Users of PHP are strongly encouraged to upgrade to this release," the PHP Group said in its advisory.

PHP, an open-source programming language mainly for server-side applications, runs on server operating systems such as Linux, Unix, Mac OS X and Windows.

Several of the flaws were discovered in PHP's EXIF module, used to handle the Exchangeable Image file format (EXIF) specification used by digital cameras. A bug in the module's exif_process_IFD_TAG() function could be exploited by a specially crafted "Image File Directory" (IFD) tag to cause a buffer overflow and execute malicious code with the privileges of the PHP server, according to Mandriva, which issued its update yesterday.

A second EXIF module bug could lead to an infinite recursion, causing the executed program to crash.

Another flaw, first disclosed by iDefense, affects the "php_handle_iff()" and "php_handle_jpeg()" functions and could be exploited by a specially formed image to cause infinite loops and consume all available CPU resources, creating a denial of service. The PHP update fixes a number of other security flaws, mostly less serious, as well as non-security-related bugs.

Independent security firm Secunia originally gave the flaws a non-critical ranking, but later changed its rating to "highly critical" as more information came to light, the company said.

Updates are being distributed by Debian, Gentoo, Suse and others.



--------------------
Once a proud programmer of Apple II's, he now spends his days and nights in cheap dives fraternizing with exotic dancers....

Posts: 1035 | From: Third rock from sun. | Registered: Mar 2001  |  IP: Logged
-ct-
BlabberMouth, the Next Generation
Member # 209

Icon 1 posted March 30, 2006 12:54      Profile for -ct-   Author's Homepage     Send New Private Message       Edit/Delete Post   Reply With Quote 
lol, a "bug" that doesn't affect IE

[Cool]

--------------------
Things are always darkest... just before you pull your head out of your butt, void where prohibited, keep away from flame, surcharge(s) may apply.

www.harddriveHELL.com and demoniclemon.com

Posts: 1906 | From: nowhere, man | Registered: Jan 2000  |  IP: Logged
RScottV

SuperFan!
Member # 3540

Member Rated:
5
Icon 1 posted March 30, 2006 19:47      Profile for RScottV     Send New Private Message       Edit/Delete Post   Reply With Quote 
Thanks for the help. It was interesting to read about!
Posts: 211 | From: Saint Paul, MN | Registered: Feb 2005  |  IP: Logged


All times are Eastern Time  
Post New Topic  New Poll  Post A Reply Close Topic    Move Topic    Delete Topic next oldest topic   next newest topic
 - Printer-friendly view of this topic
Hop To:

Contact Us | Geek Culture Home Page

2015 Geek Culture

Powered by Infopop Corporation
UBB.classicTM 6.4.0



homeGeek CultureWebstoreeCards!Forums!Joy of Tech!AY2K!webcam