Bugtraq mailing list archives

Re: remote DoS in Mozilla 1.0


From: Stijn Jonker <SJCJonker () SJC nl>
Date: Tue, 11 Jun 2002 15:05:31 +0200 (CEST)

Hello all,

The one thing that keeps popping up in my mind after reading your post:

Is this really a mozilla bug?

My answer:

No, because try a font of size 1666666px in gimp on the same system;
the symptoms and the end effect are exactly the same here.

System: RH 7.3
        512 M memory
        1024M Swap
        Xfs & XFree86 4.2.0

What happens is that XFS consumes huge amounts of ram, and finally bails 
out. So end of story for the fonts in X. As a result X is practically 
useless.

I can only guess what happens when you don't use XFS but Xserver based 
fontrendering, the X server consumes huge amounts of mem and cpu and bails 
out => server crash => Bye Bye X.

The solution(s):
        (a) Fix every app to disallow font sizes bigger than <maxvalue>
        (b) Fix XFS to return an error code to the calling application 
when the requested font size is greater than the configured <maxvalue>

Personally I would go for b.

Just my $0.02, but if you disagree please let me know.

On Mon, 10 Jun 2002, Tom wrote:

Author
======
Tom Vogt <tom () lemuria org>
http://web.lemuria.org/

Affected
========
Mozilla 1.0 and earlier
verified on Linux and Solaris, other Unixes most likely affected as well.

Effect
======
System becomes unusable or X windows crashes
(varies depending on system configuration)

Description
===========
When loading pages with a specially prepared (or erroneous) stylesheet,
mozilla and X windows (not restricted to XFree) exhibit any of two 

<<SNIP>> 


Example
=======
Include a huge font size in your style sheet definition, e.g.:
body { font-size: 1666666px; }


-- 
Met Vriendelijke groet/Yours Sincerely
Stijn Jonker <SJCJonker () sjc nl>

-- 
Outlook Express is actually an incredibly effective virus distribution system which only pretends to be an email program.
[by Eric Lee]

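Solution (a) from the reply above, clamping requested font sizes in the application before they ever reach the font server, as an added example that is not code from the post or from Mozilla. It assumes a hypothetical <maxvalue> of 1024px and a 16px base for em/rem; both are assumptions of this example.

```python
import re
from typing import List, Tuple

# Unit-to-pixel factors. em/rem assume a 16px base, an assumption made for
# this example (the post does not specify one).
UNIT_TO_PX = {"px": 1.0, "pt": 96 / 72, "pc": 16.0, "in": 96.0,
              "cm": 96 / 2.54, "mm": 96 / 25.4, "em": 16.0, "rem": 16.0}

# Hypothetical <maxvalue>: the largest font size the application is willing
# to request from X/XFS. 1024px is an assumed ceiling for this example.
MAX_FONT_PX = 1024

FONT_SIZE_RE = re.compile(
    r"(font-size\s*:\s*)(\d+(?:\.\d+)?)(px|pt|pc|in|cm|mm|em|rem)\b",
    re.IGNORECASE)


def to_px(value: float, unit: str) -> float:
    """Convert an absolute CSS length to pixels."""
    return value * UNIT_TO_PX[unit.lower()]


def clamp_font_sizes(css: str, max_px: int = MAX_FONT_PX) -> Tuple[str, List[str]]:
    """Rewrite every font-size declaration above max_px down to max_px.

    Returns the sanitized stylesheet and the list of original values that
    were clamped, so the caller can log the oversized requests.
    """
    clamped: List[str] = []

    def fix(m: "re.Match") -> str:
        prefix, number, unit = m.group(1), m.group(2), m.group(3)
        if to_px(float(number), unit) <= max_px:
            return m.group(0)  # within limits, leave the declaration as is
        clamped.append(f"{number}{unit}")
        return f"{prefix}{max_px}px"

    return FONT_SIZE_RE.sub(fix, css), clamped


if __name__ == "__main__":
    # Constructed sample stylesheet using the size from Tom's example.
    sheet = "body { font-size: 1666666px; }\np { font-size: 12pt; }"
    safe, hits = clamp_font_sizes(sheet)
    print(safe)
    print("clamped:", hits)
```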
