Re: Buffer Overflow with all versions of Internet Explorer and Javacript.

From: George Staikos (staikos@kde.org)
Date: 06/03/02 

From: George Staikos <staikos@kde.org>
To: Jacek Lach <jlach@utopia.pl.eu.org>, vuln-dev@securityfocus.com
Date: Mon, 3 Jun 2002 13:11:06 -0400

On Monday 03 June 2002 08:31, Jacek Lach wrote:
> On Sunday 02 June 2002 23:47, Scott Mackenzie wrote:
> > After a few minutes testing it seems this does not only effect Internet
> > Explorer but also the following browsers:
> >
> >
> > In KDE's konqueror Latest Version it Seg Faults the browser instantly
>
> a bit OT, but anyway, I also checked this and
> Konqeror 3.0.0 hogs the CPU, but there was no segfault, the same effect
> (100% CPU utilization) is done by simply this:
> <html><head></head>
> <script language="JAVASCRIPT">
> function foo() {
> foo();
> }
> </script>
> <input type="button" onClick="foo();" value="SMASH!"></input>
> </html>
>
> This situation is handled by both IE and Mozilla 1.0rc1 (no hogs there)

   I get a hard crash in Konqueror from KDE 3.0.0. We're looking into it
right now. It's rather obvious what is wrong, but the best solution needs to
be worked out by the JS developers.

#0 0x41a1d46a in KJS::Window::get (this=0x0, exec=0x0, p=@0x0)
    at kjs_window.cpp:348
#1 0x00000000 in ?? () 

-- 

George Staikos