Closed Bug 292667 Opened 19 years ago Closed 14 years ago

Enormous input in a form field makes Intel Extreme Graphics 2 driver stop responding

Categories

(Core :: Layout: Form Controls, defect)

1.7 Branch
x86
Windows XP
defect
Not set
critical

RESOLVED WORKSFORME

People

(Reporter: kal201283, Unassigned)

Details

(Whiteboard: [sg:investigate])

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3

I tried to give an extremely large input through the input field. For that
purpose I wrote some random text and copied it. I pressed Ctrl+V for a few
seconds, now again copied the whole text in the textbox and again pressed Ctrl+V for
a few seconds, to submit huge data to a script. But when I had depressed Ctrl+V,
suddenly Firefox hung, and suddenly Windows gave a message, "Your graphics
driver stopped responding" and left me in 640x480x16colors mode. I personally
think this was a buffer overrun and some memory was corrupted through it.

Reproducible: Always

Steps to Reproduce:
1. Get any site allowing an input text through <input type=text>
2. Enter some random text in the field
3. Copy the whole text and paste it a number of times.
4. Again copy the current large text from the same input box
5. Again keep Ctrl+V depressed


Actual Results:  
6. Eventually Firefox will stop responding
7. Windows shows an error that your graphics driver stopped responding
8. You are switched to 640x460x4bit mode.
9. Now Firefox works again.

Expected Results:  
Disallowed the user from inputting such enormous text

I am using the default Windows theme, a Compaq notebook with Intel Centrino, Intel
Mobile M 1.6GHz processor, 512MB RAM.
I am using Firefox version 1.0.3.

It certainly chews up CPU as the string gets longer, and the text display
disappears (I've seen another bug on that). That particular Firefox window got
too sluggish to be useful, but other windows continued to work OK.

Need someone to confirm this as a crash... hm, I was running a debug build which
sometimes masks crashes. Will try again.
Component: Find Toolbar / FastFind → Layout: Form Controls
Flags: blocking-aviary1.1?
Flags: blocking-aviary1.0.4?
Product: Firefox → Core
Whiteboard: [sg:needinfo]
Version: unspecified → 1.7 Branch

I tried to count the size of the input I provided. It crashed for input of about
30+KBytes. Firefox goes on well but crashes the graphics driver on my machine.

Jay: "Not blocking for security release but we need to address it on the trunk.
Perhaps look into limiting input size for various form fields."
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: blocking-aviary1.1?
Flags: blocking-aviary1.1+
Flags: blocking-aviary1.0.5?
Flags: blocking-aviary1.0.5-

Could be a spurious confirm. dveditz saw his system hang while pasting a large
amount of text into an input field using both trunk and 1.0.4.  Not the same
result as described below.

This sounds like a bug in the graphics driver in question....
Kalpak, what graphics driver do you use?

Kalpak sent me this email:

"I have onboard Intel graphics and I use the Intel
driver only. I don't know the release and all. I will
check that out. But I use the driver shipped with the
driver CD I got. Actually I also downloaded the update
some time back. Intel Extreme Graphics 2 driver."

(Kalpak, please reply using Bugzilla rather than by email, so that other people
can read your response as well.)

Blocks: longlines
Summary: possible buffer overrun if given enormous input in a form field → Enormous input in a form field makes Intel Extreme Graphics 2 driver stop responding
Whiteboard: [sg:needinfo] → [sg:investigate]
Flags: blocking-aviary1.5+

I have checked these things with the latest release. I can't reproduce them. Still I
need to check again with my notebook. Another thing I would like to mention is,
according to RFC, I guess maximum size of URL is 1024 bytes. Considering this,
the address bar shouldn't allow more characters than that. At this time it does allow
you to input more characters. But form fields can't have any restrictions.

Is there any restriction on the size of the HTTP request itself? I don't think
there is; I have seen a hack of that which sends an infinitely long HTTP request to
servers to make them run out of memory.

I would suggest not putting restrictions on form fields. It won't be practical. As
of now at least I feel the browser doesn't crash with this.
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → WONTFIX

Status: RESOLVED → REOPENED
Resolution: WONTFIX → ---
Sorry for the scrap I did with the status. Was a mistake.

QA Contact: fast.find → layout.form-controls
Group: core-security
Status: REOPENED → RESOLVED
Closed: 19 years ago → 14 years ago
Resolution: --- → WORKSFORME