Closed Bug 384318 Opened 17 years ago Closed 17 years ago

Firefox 1.5.0.12 Crashes because of buffer overflow?

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED DUPLICATE of bug 213391

People

(Reporter: matikkajaska, Unassigned)

References

(
URL
)

Details

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.12) Gecko/20070601 Ubuntu/dapper-security Firefox/1.5.0.12
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.12) Gecko/20070601 Ubuntu/dapper-security Firefox/1.5.0.12

My browser: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.12) Gecko/20070601 Ubuntu/dapper-security Firefox/1.5.0.12

The following simple Javascript code in a web page crashes the browser:

function crash(color){
alert("Warning: We are crashing your browser. ")
for (i=1; i<=9999999999; i=i+1)
{document.write(i + "<img src='pics/special.jpg'>");}
alert("Congratulations! Your browser did not crash.")
document.bgColor="black"
}

Reproducible: Always

Steps to Reproduce:
1.
2.
3.


Expected Results:  
Output: Congratulations! Your browser did not crash.
That's not a buffer overflow, it's simply out of memory : the code tries to create 10.000 million image-tags ...
OK. One should add in the Firefox's source code a check that it is not possible to allocate too much memory.
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
jaakko: oh, it's that simple. wow. you know. if it were really that simple, we'd have done it already.

if you're not using a mozilla.org binary, please complain to your vendor (get them to help you get a stack trace).
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.