Slashdot Mirror
HTML Rendering Crashes IE
SlimySlimy writes "According to this article on Secunia, a new IE exploit was found that crashes almost any version of Internet Explorer past 4.0 with just 5 lines of plain HTML code (no JavaScript, ActiveX, etc.). If you're very brave, you can test/crash your IE by going here." There's also a note on SecurityFocus.
Here is their story
Infuriate left and right
Could wreak havoc in html-enabled forums
-1 Uncomfortable Truth
It seems that IE 5.x on MacOS X is not affected by this. Not that it's such a big deal, I imagine any affected Windows versions of IE can be relaunched and people will just avoid going to places with such code. I fail to see the significance. Oh well, glad to see their Mac port is more stable in this regard.
"I like systems, their application excepted", George Sand (French)
I use galeon most of the time and it crashes often too... Just put this in a document
<body onblur="javascript:self.focus()">
browse it, and galeon will crash (as of 1.3.3.20030419). Do the same in mozilla, close the browser window, and it will segfault (version 1.3).
Well, just to note, the Mac OS X version of IE did NOT crash. However, anyone using IE on mac when Camino, Mozilla, and Safari are well put together should have their head examined. Don't forget Opera too.
The bug seems to be Windows only....so the Mac coders at MS may be better coders...who knows.
-gabe
Seconds after reading this, I tried this out on my own, slightly modified.
:(
input type giveBoBathan$1,000,000USD
Unfortunatly, Microsoft must have known of this potential exploit.
--Travis
EOF
Not only did THIS version of IE crash, but the others I had open did too!
:)
It crashed only a single IE window on my pc. I run IE 6.0 on XP with all the updates, but maybe it has something to do with the 'Open folder windows in separate processes' option I have enabled.
It's not a serious vulnerability, but it sure is a very embarassing one
Does it have to be ``type crash?'' Why would ``crash'' be hardcoded into any library? It is just the lack of the ``='' that's doing it? I'd try it myself, but I don't own a copy if IE. Can anyone confirm?
Comment removed based on user account deletion
people are up in arms over this because it's an ms blunder. It does nothing more than simply halt your browser. As many can testify, halted browsers happen with any of the many browser flavors available.
/. and trolling about MS is ok, but I mean come on, how could anyone see that coming.
I heard someone suggest they hire better testers? How was anyone supposed to test for this. I know this is
The fact remains though that this crash isn't really that big of a deal. Sure it crashes IE, but it's not like most content webpages want their reader's browsers crashing when they reach the page. Who do we have to worry about? HTML enabled web boards? I have to worry about someone linking c:\con\con as an image everytime I click a link. You just go on with your life. If they are stupid enough to have html enabled then it's their problem, not MS's.
NJ Local Music Scene
Just one line is really required:
According to a post on bugtraq:
IE tries to compare the type of the input field to "HIDDEN", to see if it
should be rendered. When there is no type string, a null-pointer is used.
mshtml.dll calls shlwapi.dll#158 @ 0x636f0037 with a pointer to a static
unicode string "HIDDEN" and a null-pointer.
shlwapi.dll#158 does a case-insensitive comparison of two unicode strings:
it reads from address 0x0 because of the null-pointer and thus causes an
exception.
This is not exploitable, other then a DoS because there is no memory mapped
@ 0x0 and even if you could load something there, you could only compare it
to "HIDDEN" which gets you nowhere.
<html>
<head>
<style>
{
position: fixed;
background-color: green;
}
</style>
</head>
<body>
<table border=1>
<tr>
<td class="header">sdf</td><td>sdfsdfsdf</td>
</tr>
</body>
</html>
You have to mouseover the table cells and you will get a gpf. Should work on IE 5.5 and 6.0.
note: there is a bogus semicolon after the
Actually only one line of HTML is required:
<input type>
As someone on BugTraq already figured out 10 days ago, it's caused due to a null value for the type attribute.
Comment removed based on user account deletion
Heh. Thank you so much for porting a better IE to the Mac, Billy...
I cannot confirm my self... now Windows machines here...
I have looked all over my computer for this IE thingy you all speak of. I cant find it anywhere. I typed "whereis ie" in the console but nothing turned up. I typed find / -name IE and again nothing. I looked for a man page found none. I clicked on the gear icon thing and looked though the programs installed I dont have it. So I typed apt-get IE. No luck. Must be some obscure piece of software that I cant find. Guess I am better of WITHOUT IT!
what fun, just set it to your homepage, then have it restart explorer automatically once you send in the error report. Hours of fun for the bored slashdotters....
If you skip over the assembly instruction that causes the exception in a debugger, everything works fine. So if anyone pulls this trick on you, just open the debugger and skip the instruction. :) That, or get a better browser.
using namespace slashdot;
troll::post();
Slow news night, eh?
The error is invalid page fault in shlwapi.dll
..although placing this in the middle of a page doesn't always work:
DLL Name: Shell Light-weight Utility
Library Description: Contains utility functions for handling paths, urls, strings, registry entries and color settings
Interesting that this dll can also 'handle' registry entries....
In fact, the 5 lines of html can be reduced down to one:
<input type>
<html>
<head>
<title>foo</title>
</head>
<body>
<h1>foo</h1>
<input type>
</body>
</html>
type seems to be the only attribute that has the desired effect
$ strings FTP.EXE | grep Copyright
@(#) Copyright (c) 1983 The Regents of the University of California.
Who else couldn't resist from clicking on the link that would crash IE?
Why is this a big deal? Because the largest software company on the planet has no better development practices and safeguards than some half-literate garage hacker.
It does surprise me... I mean, 'input type crash' ?? or is the input type significant or just for emphasis? It seems like what with 1-6, 8, and 9 of 9, plus all those eager-beaver interns and million typing monkeys at Microsoft this would have been caught earlier, unless the 'crash' thing was put there on purpose to intentionally cause a segfault or something so people could see what happens with all the activex controls etc. when IE does crash, and somebody forgot to remove it. Or, is Slashdot in permanent April Fool mode now? I hope so.
---The Vicar---
I haven't decided which is worse... The fact that such a silly bug exists, or the fact that it went undetected for six years.
A crash bug? Mozilla has none of those, right? Right? (seriously, if anything Microsoft should be proud that one pointless crash bug is such a big deal)
The "crash" part is just for looks. It would still crash with
Nothing wrong with that, Phoenix being still an alpha product. But please do not compare it with mature products, even if they are from Microsoft.
Also I don't understand why there are so many threads when nothing is going on (no download in progress and a single page shown).
Ciao
----
FB
I've crashed IE 6 several times with this HTML just fooling around, and each time, an exception is raised, a debug report generated, an optional offer is made to submit the report to the OS manufacturer to inform them of the problem, upon which immediate technical support is often given. After that action is complete, the OS remains stable, and the crash can be repeated ad nauseum, experimenting with different tags/debugger experiments/versions.
That is in a consumer OS (XP Home) that costs less than $100, and has tens of thousands of commercial apps available in almost every language. (probably millions if you include shareware/freeware)
Whether it's my mom or another engineer, I feel pretty good about telling them XP is a solid OS that can do what they need. (likewise with IE)
Not many years ago, it would have seemed pretty petty to obsess about such a bug--and that's when it would've forced a reboot.
I'm not shy about criticizing MS when appropriate, but to come from Windows for Workgroups to XP in 10 years is pretty impressive, especially for a company of its size.
If it were me, I'd spend my time debating the Software Formerly Known As Palladium, and not lose the forest for the trees by mocking MS for this kind of item. I fart bugs bigger than this.
Machines take me by surprise with great frequency. -A. Turing
Tested with the Opera and Mozilla browsers, both on Windoze and Linux platforms, the exploit doesn't affect any of them.
IE on the other hand, crashed.
By the way, here is the entire "exploit code":
<html>
<form>
<input type crash>
</form>
</html>
Muchas Gracias, Señor Edward Snowden !
Unfortunately, 0.5 is very old and there are only nightly releases since then. Try the nightly build from March 20th. It haven't managed to crash it once in those weeks.
I want to see some simple HTML code that will crash a spammer's email harvesting web crawler. Now THAT would be "News.*that matters..."
It's a bug in the document.
What happens I guess is:
1. You move the mouse outside the body to an image or off window.
2. That blurs it.
3. It wants focus, but the mouse is off the window.
Somewhere javascript is point to self, so it runs focus, but the mouse is not on an object with any relation to javascript.
This one may just be on the boundary between what is and what isn't.
The message on the other side of this sig is false.
Write a worm that sets everyone's home-page to this... so very evil.
Yeah, I use the windows copy of phoenix and I have zero problems with it. In linux I just use Mozilla.
This page was generated by a Barrel of Circus Midgets, and that is the way I like it!!!
"This HTML also crash Outlook" Sweet, I just found what to auto answer to all my spam. Of course with a subject line that says: I am very interested to buy your products.
Yahh, hiii haaaaa! -Major Kong, from Dr. Strangelove
Do you ever notice that when Microsoft makes a Mac version of a piss-poor Windows product that it tends to not suck [as much]?
Somewhat. When it comes to Office, I prefer the Mac versions to those for Windows. Perhaps it's because MS had some extra time in bringing the Mac versions to market. (MS Mac Office 98 / MS Windows Office 97.... MS Mac Office 2001 / MS Windows Office 2000.... Office v.X for OS X doesn't really count as it's a hybrid of Office 2001 and Office XP). The look and feel seems easier to live with and the Entrouage email/calendar/pim app is a lot more sane than Outlook (though is lacking full Excange integration).
MSN Messenger for the Mac is a pretty smooth little app... single file to deal with and none of the virus-like atributes of the Windows version.
MS IE for Mac was pretty good back in the days of Netscape 4. But these days there are MUCH better choices for Mac users.
Windows Media Player for the Mac (they need a better name for that app) works, but feels like quick and dirty port... I wouldn't be surprised if it wasn't done by the MS MBU (Macintosh Business Unit -- MS's Mac software team located in the Silicon Valley).
Whats wrong with you people?
/. were to use this code/bug/feature, would that keep the trolls away? ;^)
:P
;)
:P
This is a *SPLENDID* way to keep internet exploder (l)users away from webpages.
You don't want the average person to visit your website? smiple, insert 1 wee little line of code, et voila, bob's your uncle.
Come to think of it...if
(Hah! syeah right! Wishfull thinking
<wonderful dream>
It'll take 6 months before micro$oft fixes the problem, so that'll give the rest of us six months of troll-free slashdot happiness
<reality>
Having said that, I'm using Exploder on WinMe to submit this post - but mind you, it's the first time in 2 months I've been anywhere near windows - and yes, thats a real bug, it did crash - exploder only though...I figured windows would keel over with it. How eh...dissappointing
Ironic thoughts for the day:
1) this IE bug WILL become a feature.
<insert appropriate marketspeak here>
2) This post will get rated 'Troll'
And now... Shall we continue to post all the bugs that crash Mozilla, Netscape or Galeon?
Sure. It'd be appreciated, too.
I see the significance in two ways right now:
Digital Citizen
... and will email it to all your friends as well.
If you can identify all the bugs "that any coder should be able to catch" in every line of Linux kernel and GNU support code, so nothing ever goes wrong ever again on my system, I will personally pay you a full-time wage to do it. And so would Microsoft if you wished to do it for them. So, ready to convince us that you can debug the most complex consumer software?
BugFix Q3823982
This patch solves a vulnerability with Microsoft Internet Explorer Versions 4.0, 5.0, 5.5 and 6.0. A missing validation allowed snippits of code such as <form><input type cras.....
-----
This program has had a critical error and must be shut down...
/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i
I made some experiments and this bug is not that serious, if you use IE correctly.
IE has a feature, Mozilla/Firebird and Opera sadly don't have: IE can run in multiple processes.
If you open a new window by clicking IExplore.exe instead of pressing Ctrl-N, the new window runs in a seperate process. If you visit that crash page, only the one IE process crashes while the other processes stay unaffected (at least on NT based systems).
OTOH if a page makes Mozilla crash, the whole app suite goes down. The process seperation with Firebird and Thunderbird is a step into the right direction, but different Firebird windows do still run in a single thread.
I hope those kind of crashes send a message to all app developers (*cough*OpenOffice.org*cough*), to use multiple processes if possible (at least optional, because that would use more RAM).
I mean, hurds of people must have mistyped the input type tag at one point or another, how come we never heard of this before?
HTML clients are supposed to do skip over input they can't render. And in general, software should do something reasonable when it can't deal with input. Like deliver an error message. Crashing is always evidence of a bug, whether the data that caused it is buggy or not.
If someone has left this around since 4.0, why haven't all these security audits Microsoft claim to be doing haven't found that out yet? Are we still to believe that they actually spent a whole month in early 2002 just rooting out security holes, when they didn't notice this? Or is someone going to try and say that they /did/ notice it and then deliberately didn't fix it, on the grounds that it's just a bug and maybe not technically a security hole? Come on, really...
Andrew
No, if that does indeed crash an application it's a bug (and I'll assume, for the sake of argument, that the parent is correct even though other posters have stated they can't get Mozilla to crash from this). Applications should not respond to any input by crashing and applications should give the user a chance to lose data because someone on the net essentially (perhaps inadvertantly) instructed the application to crash.
I appreciate the logic of the loop you're describing, but the proper response to that is not to crash or enter some state where a user's data can be lost.
Digital Citizen
This makes it on to slashdot, but bugs like this Netscape exploit didn't?
I deleted my sig years ago.
I'm running IE 5.x and it crashes constantly with any help from a few lines of html.
It still barfs, and it barfs in a slightly different color, but less often. Experiment with nightlies. When you find one that doesn't barf too often, go with it.
this is one of those times when I wish I had mod points. AH... maybe someday.
Good judgment comes from experience, and a lot of that comes from bad judgment.
No offense, but many Alpha-products are perfectly comparable to ultra-mature Microsoft products like IE or MSOffice.
Especially Phoenix/Firebird/Mozilla-Browser/whateveritscalled now which is very stable at least on my installation.
This does not just effect IE, it also appears to effect apps using the IE html rendering engine including Outlook Express and Frontpage.
Try sending someone the crash code as an html e-mail. It crashed Outlook before even previewing. SHIT.
I sincerely hope anti-virus software blocks this one soon.
I just pasted the code into mozilla mail and emailed my outlook express 6 client and it caused it to crash. (Go figure)
I haven't tried outlook 2000 yet. Anyone want to give it a shot?
"Every security scheme that is based on secrets eventually fails." - Steve Jobs
If you really want to prove a point, make sure its an html email then.
Visit http://ringbreak.dnd.utwente.nl/~mrjb/growingbettersoftware to download your free copy of the book
One HTML-Message posted in a Newsgroup and containing the line "<input type>" (Shortest form of the exploit...12 bytes to crash IE) will kill all Outlook Expresses who try to read it (remember that OE _always_ displays the HTML-Version of the post), leaving the users puzzled and perhaps "insightful +5"...
I'm a big linux fan, I really am. I just don't really have the time to set it up properly if I'm working on something "non standard". After spending 2 days working to get Via Voice working on various linux distros I finally gave up and installed XP on the box. Total time till the project was done, less than one hour including install.
What kind of makes me mad is when I request that our IT department install some software on my box at work. They leave it at the BSOD and try to blame me for it. Now that kind of thing stopped right away once my boss was backing me up. Now we have the only TWO home brewed PCs out of several thousand. Our IT department has admin access to them, but doesn't use it since we support them ourselves. Funny, hasn't crashed once since then.
I think Linux has a very powerful user base, I think most people who run linux are a touch smarter than those who *can't* run linux or don't know any better than to run what their computer came with. I think *nix in general is far more powerful than winderz, but I think windows also has it's place in the market.
Yes, this particular bug crashes IE in Windows. BFD. Opening Netscrape was iffy at best on a *nix box. The nice/scary thing about working where I do is we have 2 flavors of unix, dos 6.x to Windows 95, at least 3 distros of linux, a few NT boxes, several 2k boxes and even the odd OS/2 machine. Every OS has it's place and is useful in it's own right.
Now, take a time out in the corner and meditate on these teachings of tolerance of other OSes.
Good judgment comes from experience, and a lot of that comes from bad judgment.
Opera 7.10 on Win 2k just gave a blank page leaving the other pages up and running no matter what identification I set it to.
Cuiusvis hominis est errare; nullius nisi insipientis in errore perseverare.
In the aim of experimentation, I looked this up on the W3C HTML 4 pages. OK, so IE isn't usually one for sticking to the standards, but bear with me here... /.ism below
here is the bit distilled into
INPUT
type (implied) one from text|password and so on
if type is not present, text should be assumed. (This explains why everything renders it as a textbox, at least)
In the code that kills IE, the type attribute is present but not set, so its quite feasible that other browsers check for the type value in a different method, like assuming it is text unless the attribute value is in the list of valid types.
I tried it in Netcaptor which is based on Internet Explorer--the page opened and the error message popped up, but Netcaptor kept on chugging. It's really a great browser. Offtopic, but when is Mozilla/Firebird going to incorporate something similar to Captorgroups. And don't even mention that multiple bookmarks on startup, that's not the same thing. Captorgroups are much more versatile.
And undeservedly. People who could not see the potential for the web and understand that a critical application like a web browser must be made crash-proof should be corrected. Not by pointing and laughing, but by careful and patient explanation about how more people in everyday society depend on a well-functioning web browser that can handle any input (including input from potentially hostile webpage authors) without crashing (and thus losing what could be valuable data).
What has changed since the days when people used Netscape's version 3 browser is an increase in the number of people who use web browsers for important work. Developers who don't take this concern seriously are not developers one should trust with important data.
Digital Citizen
Just imagine : a spam mail using that code going to millions of IE / Outlook users... This would at least have one positive effect : Make the consumer aware that Yes, there are bugs and security issues in Windows and IE. You can no more read your email...
in related news, the microsoft operating system is buggy and full of holes.
Last time I checked I could still crash Mozilla with onSelect="select()" or an onFocus="select()" in a <textarea>.
They all have bugs to some point. You're a fool if you think otherwise.
Using IE6 on WinXP prof. with all SPs and updates installed.
IE version: 6.0.2800.1106.xpsp2.021108-1929
but I cannot see any obvious reason, WHY this happens. and WHY this only happens, when you put the mouse over the cell...
actually a bit mysterious to me
(Also checked: Mozilla 1.4a renders this page fine and has no problems with the mouse hovering over the cells. Again, mysterious, eeeeh...)
I mean, IE implements the tags correctly and you all just noticed? Yet again we see that Microsoft IE is ahead of the game, implementing useful tags that the w3 hasn't even thought of yet.
Why is it that Microsoft is saddled with the burden of creating useful standards? Isn't this supposed to be the job of the w3?
I expect we'll have to wait a few years to see it in Moz and by then, microsoft will have implemented <input type explode into tiny pieces> or something even more spectacular.
Robots are everywhere, and they eat old people's medicine for fuel.
http://www.w3c.org
nuff said.
-------
"In times of universal deceit, telling the truth becomes a revolutionary act."
-- George Orwell
No, the specification says you need a body element or a frameset element, you don't need to use a tag to create an element though.
The following is a valid HTML 4.01 Strict document, feed it in to the validator if you want conformation.
I just sent a HTML email with this in to a friend who runs Outlook 2000. As soon as he got it, it crashed Outlook. Funny thing is every time he starts Outlook up it crashes again so he can't rmeove it. Disables his email program with one crafted email!
It's really not a bug - you're just moving your mouse too slow ;)
Open source is the art of letting other people write your bad code.
I repeat, it did not crash Lynx.
--Drunk as in Beer
You don't need to specifically put "input type crash", as something like this also crashes IE:
<html>
<form>
<input type abc123>
</form>
</html>
---------
There is inferior bacteria on the interior of your posterior.
MS did it on purpose for debugging purposes? Maybe a couple more tags like
<input type bluescreen>
<input type slow_machine_to_crawl>
<input type bsa_audit>
<input type flood_ISP>
exist and they just haven't been discovered yet.
Just for grins, I saved the file, and now can't delete it (without mucking around) due to the fact that the whole desktop crashes while IE tries to render the little thumbnail of the page in Exploder. And no--I don't have active desktop enabled.
Fun for the whole family!
Why do Windows people get all these features. I don't even have a way to test it. Damn you Microsoft Monopoly. Damn you Konqui for refusing to crash when most needed.
it shook it off just fine.
Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
I'm sorry you don't mention the name of your company, because your company makes software that should be shunned. No software should respond in an astonishing way when fed valid data that is outside of the domain of the function -- it should do range-checking and set an appropriate error flag and return to the caller with something, even if that "something" is a NAN. Even when fed absolute junk, it should detect the junk and error out in a predictable manner.
In particular, taking down the application (and perhaps the entire system it's running on) is not an option.
I just noticed that the tantek.com link I posted above crashes Webcore-based browsers. After posting the comment from OmniWeb 4.5 (which uses KHTML Webcore) I clicked on the link. OmniWeb crashed.
Since I'm using a "Sneaky Peek" version of OmniWeb, I thought that maybe it was just a bug in the beta code. I tried the same link in Safari and it crashed too.
I assumed that since this was a page on Tantek Çelik's site the CSS would be valid. The page flunks the HTML validator at w3c.org because of a misplaced noscript tag. - I wouldn't expect that to crash a browser.
Must be a WebCore bug. Kind of ironic given the topic.
This is a good thing. NULL is generically used to indicate that a pointer is invalid. Attempting to read or write to a NULL pointer is always a bug and should cause the application to be stopped. Writing and reading from random memory address is a sure fire way to cause interesting results. Enforcing such restrictions helps to force programmers to ensure their programs are at least less buggy in that respect.
MacOS 9 allowing location 0 read/write is a bug, not a feature. (Well... probably not, really. MacOS 9 and prior probably allowed 0 as a valid userspace location.) When a program attempts to read or write to NULL, it should be terminated, as this is an error condition. This would be like ignoring the low oil pressure light on your car - you might be able to keep running for a while, but disaster could strike further down the road.
You are in a maze of twisty little relative jumps, all alike.
The 1,3 version seems to fix all the ebay crash problems.
Rubbish. A library has to be bullet-proof too. For example, look at the bugs in the C library for malformed input - the worst ones result in buffer-overflows that result in remote exploits.
You need some reading comprehension skills. He meant that in ADDITION to IE.
Conglom-O: We Own You (TM).
No, not all browsers have this bug and so far I can't replicate similar sounding bugs in Mozilla producing a crash and loss of work. Also, not all browsers are so widely used and not all browsers integrate code with widely used e-mail clients (Outlook and Outlook express still use the same HTML renderer that is subject to so many problems). This leads to multiple paths to sabotage someone remotely, perhaps even anonymously. Let's not forget that any application that embeds MSIE/Windows' renderer is vulnerable. Considering how many people use MSIE on MS Windows and how many of them are affected by this bug, I'd hardly call revealing the bug a "joke".
I'm not encouraging anyone to think in the false dichotomy of good vs. evil and neither should you. Nobody is helped by glossing over relevant details of how this works or ignoring the wide scope of the bug. This is one of a long string of Microsoft bugs that directly adversely affects ordinary users. We are much better served by suggesting real-world fixes (such as switching to Mozilla to do most browsing, even under a proprietary operating system). We're also better off identifying this exemplar of the practical shortcomings of proprietary software. There's no workaround here--MSIE/Windows users must simply wait for a fix from the proprietor if they won't switch browsers (and any other app adversely affected by embedding the MSIE renderer).
Digital Citizen
It's impossible to do that. Turing demonstrated that it is not possible to determine whether any given algorithm will execute to completion for all possible inputs. As the library in question is a mathematical one, it will undoubtedly contain algorithms which will not complete for some input or inputs, and all the bounds-checking in the world cannot guarantee security from input which will cause an infinite execution time. If it was possible, it would be a solution to the Turing machine halting problem, and such a thing cannot be, by definition.
Using HTML in email is like putting sound effects on your phone calls. Just say <strong>no</strong>.
What, like a mediaeval monk? ;-)
Using HTML in email is like putting sound effects on your phone calls. Just say <strong>no</strong>.
On Linux and Windows, the .text segment of the currently rybbubg program starts one page AFTER 0. the page containing the address 0 is marked no-access so that NULL pointer deferences PURPOSEFULLY crash the program. They waste 4k of memory for that feature.
Otherwise, the program would just keep going. YOu wouldn't see the crash until you attempt to write there and clobber your code.
Fuck Beta. Fuck Dice
You people are just like microsoft with your bloated code. Wasting all the extra space with unneeded characters. If there's one thing a Bleveskovolokian knows how to do it's to save an extra few bytes. Try:
<input type>
That's all. None of that unneeded crap. 12 bytes and crash!! The most efficient IE crasher web page yet. Beat that! I dare you.
Please tell me you're not just talking about things like forgetting to check before dividing by zero or SQRTing a negative number! If you are, then you are totally misunderstanding this conversation. We're in a different league here.
Unfortunately, you've spent so long checking that your algorithm will work correctly and terminate (assuming such checks are even possible) that no-one else will ever use your code because the alternatives are several orders of magnitude faster, which is the dominant requirement for the type of software we provide.
Any library can get bad input. You can pass me a pointer to your data structure and claim it's valid, but actually give me an address outside of memory that I'm allowed to access so I segfault when I follow it. It is not possible to write a 100% bulletproof library in this situation.
You have to trust your calling code to do its job, and you have to be clear about what input you accept with defined results so those writing the calling code can do their job. There is no other option.
The only remaining question is how broad you choose to make the set of valid inputs. This is simply a trade-off between safety and performance, and in this particular industry, standard practice is to trust your caller and go for performance. You're necessarily relying on them to give you good input anyway, so further checks just slow you down without any real safety benefit.
Actually, taking down the whole application and providing diagnostics is one of the better options, since it makes it clear during testing that there is a bug, which in turn implies that our client application has a logic error somewhere in it.
If my library doing something can take down your whole system, your OS is broken, of course.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
All you have to is to spam this company with this small HTML one-liner. Outlook is set to preview on most desktops. So the hapless users' Outlook would crash and could not be brought back: If you start it again, it would try to preview the offending message again and CRASH.
That would seriously hamper the operations of a company, and if that company is, say, a Wall Street broker, the financial losses could amount to millions.
So IT support people should really demonstrate this vulnerability to the clueless PHBs who insist on putting Outlook on their company's desktops. Maybe they'd stop being so foolishly blind to MS-induced security risks if, say, THEIR Outlook crashes and burns...
--
Mad science! Robots! Underwear! Cute girls! Full comic online! http://www.girlgeniusonline.com/
5.50.4134.0600
Type address
about:<input type crash>
and watch IE go up in smoke
IEXPLORE caused an invalid page fault in
module SHLWAPI.DLL at 016f:70bd1d1e.
Registers:
EAX=00000001 CS=016f EIP=70bd1d1e EFLGS=00010202
EBX=01b9bf20 SS=0177 ESP=0279fa00 EBP=0279fa10
ECX=0279fa18 DS=0177 ESI=00000000 FS=138f
EDX=70d4b0a8 ES=0177 EDI=00000000 GS=0000
Bytes at CS:EIP:
0f b7 06 46 46 83 f8 41 7c 05 83 f8 5a 7e 1d 0f
Stack dump:
70e7f5b0 70e4e2e2 00000000 70d4b0a8 00000034 70c93150 00000000 00000034 01ba6148 01b9b1d0 01b9bf20 01ba6148 01ba6148 70c9300b 00000034 01ba6148
Dreams, dreams, don't doubt dreams, dreaming children's dreaming dreams. Sailor Moon SS
It wor
I can't beleave this Micro$oft people, I have XP Professional with IE 6.0.26 and crashes too. I thought this kind of so evident IE problems where over after version 4.
It's a C++ problem. One of these days, IE will be written in VB.NET or C#, and problems like these (as well as those that don't cause a crash but cause a security vulnerability) won't happen nearly as often.
Amazing magic tricks
IE just crashes cause it has nothing better to do. Bottom line, if you want reliability use lynx, if you want unreliable bloat use IE.
The semicolon is from Slashdot breaking your & g t ; apart, to ensure that it properly line wraps.
They still insist that breaking apart &blah; tags is not a bug.
I am unamerican, and proud of it!
...as it seems that [this] is the Microsoft Crash mounth [sic]...
Isn't every month MS crash month?
-twb
Finally, software that does what it's told!
If that crashes it... would "" fix windows?
this shall now be my procmail autoresponse to filter all those annoying unwanted emails. just reply with those html tags and outlook will crash on their computer. ha!
my blog
this alone yields the same result (in IE 6.0.2800.1106.xpsp1.020828-1920, at least):
<table border="1">
<tr>
<td style="position: fixed;"></td><td></td>
</tr>
</table>
it looks like the table border must be >0, but only because the crash actually occurs when you mouse-over (any part of) the border, not the cell itself. weird.