Closed Bug 163588 Opened 23 years ago Closed 23 years ago

buffer overflow in Chatzilla

Categories

(Other Applications Graveyard :: ChatZilla, defect)

x86
FreeBSD
defect
Not set
critical

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 94448

People

(Reporter: trevor, Assigned: rginda)

References

()

Details

On Bugtraq, Thor Larholm <Thor@jubii.dk> reported:

The IRC:// protocol inhibited by Mozilla/NS6 seems to have a buffer overrun. A typical IRC URL could look like this:

IRC://IRC.YOUR.TLD/#YOURCHANNEL

The #YOURCHANNEL part is copied to a buffer that has a limit of 32K. If the input exceeds this limit, Mozilla 1.0 RC1 crashes with the following error:

The exception unknown software exception (0xc00000fd) occured in the application at location 0x60e42edf

At http://jscript.dk/2002/4/moz1rc1tests/ircbufferoverrun.html he has provided a Web page which demonstrates the bug. It does not always work for me, but I wrote a demonstration page according to his instructions which gives more consistent results: http://jpj.net/~trevor/chatzilla.html. Not installing the Chatzilla component is an effective workaround, as is removing the chatzilla.jar archive after installation.
This is not a buffer overrun, but a blown stack performing a regexp match against a very large string. Not exploitable. There is a dupe of this out there, possibly left open to remind me to not match against large strings, or possibly marked INVALID, I forget.
*** This bug has been marked as a duplicate of 94448 ***
Status: UNCONFIRMED → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE
Product: Core → Other Applications
Product: Other Applications → Other Applications Graveyard
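The mitigation rginda alludes to ("not match against large strings") is to bound the size of untrusted input before a regular expression ever sees it. The following is an added example, not ChatZilla's own URL handling: it parses an irc:// URL with plain string operations, rejects an oversized URL or channel component up front, and only then validates the (now bounded) channel name with a regexp. The length limits MAX_URL_LEN and MAX_CHANNEL_LEN and the channel-name pattern are assumptions chosen for illustration, not values taken from the bug or from ChatZilla.

```javascript
// Added example (not ChatZilla code): bound untrusted irc:// URL components
// before handing them to a regular expression, so a huge "#channel" part is
// rejected cheaply instead of driving a regexp engine into deep recursion.

const MAX_URL_LEN = 4096;     // assumed cap on the whole URL
const MAX_CHANNEL_LEN = 200;  // assumed cap on the "#channel" component

// Returns { ok: true, host, channel } or { ok: false, reason }.
function parseIrcUrl(url) {
  // Size check first: everything below operates on bounded input.
  if (typeof url !== "string" || url.length > MAX_URL_LEN) {
    return { ok: false, reason: "url too long" };
  }
  if (!url.toLowerCase().startsWith("irc://")) {
    return { ok: false, reason: "not an irc url" };
  }

  // Split host and target without a regexp.
  const rest = url.slice("irc://".length);
  const slash = rest.indexOf("/");
  const host = slash === -1 ? rest : rest.slice(0, slash);
  const target = slash === -1 ? "" : rest.slice(slash + 1);

  if (host.length === 0 || host.length > 253) {
    return { ok: false, reason: "bad host" };
  }
  if (target.length > MAX_CHANNEL_LEN) {
    return { ok: false, reason: "channel too long" };
  }

  // Only now run the regexp, on a string whose length is already bounded.
  // Assumed pattern: '#' followed by characters that are not whitespace,
  // comma or BEL (the separators IRC forbids in channel names).
  if (target !== "" && !/^#[^\s,\x07]{1,199}$/.test(target)) {
    return { ok: false, reason: "bad channel" };
  }
  return { ok: true, host, channel: target };
}

// Constructed sample inputs for a stand-alone run.
console.log(parseIrcUrl("irc://irc.example.test/#channel"));
console.log(parseIrcUrl("irc://irc.example.test/#" + "A".repeat(40000)));
```

The order matters: the cheap length comparisons run before any pattern matching, so an attacker-sized channel string never reaches the regexp engine at all, and the remaining regexp only ever sees at most MAX_CHANNEL_LEN characters.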