Bugtraq mailing list archives
Re: Crashing X
From: John Scimone <jscimone () cc gatech edu>
Date: Fri, 7 Dec 2001 18:49:30 -0500
If this is true couldn't a malicious website simply set the initial value of the form then use javascript to submit it upon loading the page causing the clients X to crash? ie. <input type="text" value="(9000 A's)"> and have a body onload=document.forms[0].submit()? John Scimone CS Major @ Ga Tech On Friday 07 December 2001 04:26 pm, you wrote:
I have discovered a little bug in K Desktop 2.1.2 that crashes your X Server. By using the konqueror web browser and inputting around 9000+ A's (or whatever) into a search box (for instance www.yahoo.com's web search box) - this will crash your X environment. I have successfully done it using 9000 A's on one search box (crashing X instantly), then I used 90'000 and it also worked - but without immediate effect (took a few seconds). It also sometimes seems to work by just pasting 900000 A's into a search box and before it even displays the A's X crashes. (note: If you want it to display the A's before X crashes paste 9000, then as soon as you click to start the search - its bye bye X). Sorry but I can only test it on KDE 2.1.2, because I have no other systems available right now. By the way: [smackenz@mainframe smackenz]$ uname -a Linux mainframe 2.4.2-2 #1 Sun Apr 8 20:41:30 EDT 2001 i686 unknown (Rehat 7.1) (KDE 2.1.2) (this works in Gnome and KDE using with the konqueror web browser) To test simply use a shell and type: perl -e 'print "A" x 9000' Then copy these, and paste them into a search form. Also I tried this in netscape and it didn't work so it suggests its a konqueror error somewhere or other. Cheers Scott Mackenzie
Current thread:
- Crashing X scott (Dec 07)
- Re: Crashing X John Scimone (Dec 08)
- Re: Crashing X KF (Dec 10)
- Re: Crashing X Paul Starzetz (Dec 11)
- Re: Crashing X KF (Dec 10)
- Re: Crashing X Seth Arnold (Dec 08)
- Re: Crashing X Matthieu Herrb (Dec 08)
- Re: Crashing X munehiro (Dec 08)
- <Possible follow-ups>
- Re: Crashing X Joe Schmoe (Dec 11)
- Re: Crashing X John Scimone (Dec 08)