Bugtraq mailing list archives

Re: IE6 CSS-Crash


From: xenophi1e <oliver.lavery () sympatico ca>
Date: 22 Oct 2003 18:10:54 -0000

In-Reply-To: <1066826686.3696.32.camel@falcon>

Hi,
the following HTML/JS/CSS-Code crashes IE6 immediately through a
combination of:
1. textarea in table in div
2. css:overflow-y:hidden
3. changing the scrollbar-base-color
4. moving the div


This looks like a benign crash to me. On my system IE is tanking in MSHTML.dll at 0x6360CD44 while dereferencing a null pointer (or a 0x22 pointer, to be precise).

6360CD38  mov         dword ptr [esi+9Ch],eax 
6360CD3E  mov         dword ptr [esi+90h],eax 
6360CD44  cmp         byte ptr [edi+22h],0     ; edi = 0
6360CD48  jne         6360CDDE 
6360CD4E  cmp         byte ptr [edi+23h],0 

Stack:
        MSHTML.DLL!6360cd44()
        MSHTML.DLL!636199e3()
        MSHTML.DLL!6360b569()
        MSHTML.DLL!6360ba22()
        MSHTML.DLL!636ff83b()

Maybe I'm missing something, but it seems pretty run-of-the-mill.

Cheers,
~ol
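
The triage done by hand in the reply above (faulting instruction plus register value gives the address touched and the kind of access), as an added example that is not part of the original message. The names `parse_fault` and `classify`, the read-only mnemonic list and the 64 KB near-null threshold are assumptions of this example.

```python
import re

# The faulting instruction as quoted in the message above.
FAULT_LINE = "6360CD44  cmp         byte ptr [edi+22h],0     ; edi = 0"
# Assumption: addresses below 64 KB are not mapped by default in a
# 32-bit Windows user-mode process, so any access there faults.
NEAR_NULL_LIMIT = 0x10000
# Mnemonics that only read a memory operand in first position (heuristic).
READ_ONLY = {"cmp", "test", "push", "call", "jmp"}

MEM_RE = re.compile(r"(?:byte|word|dword) ptr \[(\w+)(?:([+-])([0-9A-Fa-f]+)h)?\]")


def parse_fault(line):
    """Parse 'ADDR  mnemonic  operands ; comment' (Intel syntax, as above)."""
    code = line.split(";", 1)[0]
    addr, mnemonic, operands = code.split(None, 2)
    m = MEM_RE.search(operands)
    if m is None:
        raise ValueError("no memory operand: " + line)
    base, sign, disp = m.groups()
    offset = int(disp, 16) if disp else 0
    if sign == "-":
        offset = -offset
    # A memory operand is written only when it is the destination (first)
    # operand of an instruction that stores to it.
    is_dest = operands.startswith(m.group(0))
    writes = is_dest and mnemonic.lower() not in READ_ONLY
    return {"eip": int(addr, 16), "base": base.lower(),
            "offset": offset, "writes": writes}


def classify(line, regs):
    """Return (address touched, verdict) for a faulting line and register values."""
    f = parse_fault(line)
    target = (regs[f["base"]] + f["offset"]) & 0xFFFFFFFF
    access = "write" if f["writes"] else "read"
    where = "near-null" if target < NEAR_NULL_LIMIT else "wild"
    return target, where + " " + access


if __name__ == "__main__":
    target, verdict = classify(FAULT_LINE, {"edi": 0})
    print(hex(target), verdict)
```

The verdict describes only the faulting access. Whether page content can influence the base register still has to be checked in the callers listed on the stack.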

