Vulnerability Development mailing list archives

Re: ie6 input overflow


From: Peter Kovacs <petke () datanet hu>
Date: Fri, 16 Nov 2001 08:52:54 +0100 (CET)

On Thu, 15 Nov 2001, Emre Yildirim wrote:

Philip Wagenaar wrote:


value="1,000,000 x's here"
size="1000000"
maxlength="1000000"


Hmm that's funny.  My system froze up too (I'm not sure if I really used 
1,000,000 'x's though).  This is a 750MHz machine with 256MB RAM running 
XP Professional/IE6, all fixes applied.


-- 
Emre Yildirim <emre () asper org>
GPG KeyID 0xF9E4A1D1 (keyserver.pgp.com)

I think it's nothing more than a simple long buffering time.
You can reproduce this behaviour by opening a large document (i.e. in
Word) with size 2M and watching the Task Manager. You will see Word - Not
Responding.
The "Not Responding" state is nothing more than the core thread of the
application - the one that handles all the window events - being unable to
read its message queue, so the event sent by Task Manager is left
unanswered (Not Responding). Note that a simple file open cannot be split
into several threads (or NT fibers) because it is a single operation, API
call (fopen).

That's all. I think.

Regards petke
~~~~~~~~~~~~~
Master of Engineering in Information Technology
IBM Certified AIX(4.3) System Administrator
Developer Engineer
GTS-DataNet
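
The mechanism described in the message above, as an added example that is not part of the original post: a toy single-threaded message loop and a liveness ping that times out while a handler is busy with a large input. Python threads stand in for a Windows GUI thread, and `MessageLoop`, `slow_parse` and `probe` are hypothetical names; the second case shows the usual mitigation of handing the slow work to a worker thread.

```python
import queue
import threading
import time


class MessageLoop:
    """Toy stand-in for a GUI thread: one thread draining one message queue."""

    def __init__(self):
        self.q = queue.Queue()
        self.thread = threading.Thread(target=self._run, daemon=True)
        self.thread.start()

    def _run(self):
        while True:
            handler = self.q.get()
            if handler is None:
                break
            handler()  # a slow handler stalls every message queued behind it

    def ping(self, timeout):
        """Post a no-op message; True only if the loop handles it in time."""
        handled = threading.Event()
        self.q.put(handled.set)
        return handled.wait(timeout)

    def stop(self):
        self.q.put(None)
        self.thread.join()


def slow_parse(seconds):
    time.sleep(seconds)  # constructed stand-in for buffering a huge input value


def probe(offload, work_seconds=1.0, ping_timeout=0.2):
    """Return True if the loop answers a ping while the slow work is running."""
    loop = MessageLoop()
    started = threading.Event()

    def work():
        started.set()
        slow_parse(work_seconds)

    if offload:  # handler only spawns a worker, then returns to the queue
        loop.q.put(lambda: threading.Thread(target=work, daemon=True).start())
    else:        # handler does the work inline on the loop thread
        loop.q.put(work)
    started.wait()
    responsive = loop.ping(ping_timeout)
    loop.stop()
    return responsive


if __name__ == "__main__":
    print("inline work answers ping:   ", probe(offload=False))
    print("offloaded work answers ping:", probe(offload=True))
```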