Crash Chrome With 16 Characters
An anonymous reader writes: Remember when it took just eight characters to crash Skype? Apparently it takes double that to take out Chrome: Typing in a 16-character link and hitting enter, clicking on a 16-character link, or even just putting your cursor over a 16-character link, will crash Google's browser. To try it yourself, fire up Chrome 45 (the latest stable version) or older and put this into your address bar: http: //a/%%30%30 (without the space).
...just rewrites the url.
I just fired up Opera (shares the Blink engine) and gave it a try. Sure enough, it crashed and restarted. Wonder where the issue is...
Managed to recover chrome faster for the first post!
Tried it on Chromium. Didn't crash the browser.
Didn't crash on Linux - Chrome 44
Which begs the question: of the tens of billions of dollars Google sees each year, how much goes toward writing an automated test suite for their flagship client software?
Which begs the question: how many people will ignore the question in favour of correcting my usage of "begs the question"?
Which begs the question: how many Americans will read "favour" and think "fucking smartass Brit"?
Which begs the question: how many British people will think, "Smartarse, surely"?
Which begs the question: how many people are thinking, "Ok, this isn't funny anymore"?
Which begs the question: how many people are now thinking, "Dude, this post was never funny"?
New @Midnight game:
Crash a Browser in 16 Characters
"Grab them by the pussy" -- President of the United States of America
"That's ridiculous! No computer can handle 32 things!"
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Crashes Chrome Canary 47.xxx
[6918:6918:0919/221732:FATAL:navigation_controller_impl.cc(927)] Check failed: active_entry->site_instance() == rfh->GetSiteInstance().
Doesn't crash if the url is passed as an argument. Just opens up about:blank (not default behavior)
4.1.6-1-ARCH x86_64 GNU/Linux
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion. -- Spazmania (174582)
Apparently I've been neglecting Chrome on this old image for quite a long time. Chrome 21, Mac OS 10.6.8. No crash observed.
Memory safety, folks. Get some.
The `managed', garbage collected stuff is too slow, and the ancient `systems' languages are too fragile.
One day, this silly shit will stop.
Map a share on a Win9x box to drive X: on an NT box.
At the NT command prompt, type
dir x:????????*.*
Crashes the Win9x box in 17 characters. In WinME they half-fixed it: the machine reports on a blue screen that the server service has crashed and offers to restart it. My suspicion is that the file name matches neither the pattern for the shortname or the longname, and so falls out the bottom of a test that was not designed to ever fail.
Of course that's all ancient history now, and I expect Google may actually fix the problem eventually, unlike Microsoft who ignored the bug report.
creating a link this crashes and hovering the mouse over it crashes!
It seems it's the %%30%30 which causes that (this should be unescaped as "%300").
Slashdot, fix the reply notifications... You won't get away with it...
Here's a "better" version of the story...
http://goo.gl/5WtI0B
-SaNo
"Browser Golf."
"I'd just like to emphasise that taking a million years isn't a metaphor here..." -Rich Bradshaw
Tried it in chrome for iOS, didn't do anything...
I type //a/%%30%30 all the time! (It's the combination to my luggage)
I don't read your sig. Why are you reading mine?
aa
Not sure why. I have Version 43.0.2357.130 (64-bit) of Chrome on GNU/Linux. Fedora 22 64 bit.
ftp://a/%%30%30
43.0.2357.130 (64-bit) on OSX 10.10.5
That would make an excellent addition to the computer science field.
Okay, put //a/%%30%30 in the URL bar. Didn't crash anything.
Put it in the search box on the default search page and it puked immediately.
45.0.2454.93
Chas - The one, the only.
THANK GOD!!!
Google calls the URL bar "Omnibox", and it will search Google as soon as you start typing in it. I would suspect this is causing the problem, since a regular (non-Omni) URL bar is a very simple thing.
I went to Settings to disable Omnibox and test my theory. Unfortunately there seems to be no way to disable the Omnibox in Chrome.
Yo yo da Googles be down wit da genius crowd, yo. My Googler bro's got them PhD's and janky links and whatnot.
even manage to do this.
I'm using that exact version and it crashed for me.
http://a/%2500
Piffle...
"If any question why we died, Tell them because our fathers lied."
Chrome Version 43.0.2357.134 on Linux, just gets me a blank page.
Sean Ellis
Follow OfQuack's antics on Twitter.
I tried it on Internet Explorer and not only did the browser crash, it billed me for $299.95. Also, every site I browse now appears to be Russian porn.
Just cruising through this digital world at 33 1/3 rpm...
According to TFS, it should work on v45 and older. It does not crash Chromium. I entered "http: //a/%%30%30" (without the quotes) then "http://a/%%30%30" (without the quotes) into the address bar, and it just took me to the Startpage web search in both cases (as it should). FWIW, I'm using Chromium Version 44.0.2403.89 Ubuntu 14.04 (64-bit), on Xubuntu 14.04.
Mine just pulled up a website with Larry Page telling me I got the golden ticket and am invited to tour the Google Chocolate Factory with my uncle Joe.
Some drink at the fountain of knowledge. Others just gargle.
NO crash with the current chromium on the current opensuse
the website "a/%" followed by two zeros is just a bad url and it tossed
"I don't pitch OpenSUSE Linux to my friends, i let Microsoft do it for me
Chromium Version 44.0.2403.89, Ubuntu 15.04. Changes "http://a/%%30%30" to "chrome://chrome/" and no apparent ill effects, including no crash. There is a reason why it is a good idea to let the Debian/Ubuntu devs do your QA for you.
When all you have is a hammer, every problem starts to look like a thumb.
They are just trying to rickroll you
There's a very long record of a300 (== a%%30%30) crashes dating back to 1983. https://en.wikipedia.org/wiki/...
Some drink at the fountain of knowledge. Others just gargle.
Typing in a 16-character link and hitting enter, clicking on a 16-character link, or even just putting your cursor over a 16-character link, will crash Google's browser.
Gee, I typed in http://sonic.com and hit Enter, and it worked Just Fine.
Perhaps they meant to say "Typing in a particular 16-character link, clicking on a particular 16-character link, or even just putting your cursor over a particular 16-character link, will crash Google's browser."
I'm using Version 44.0.2403.89 Ubuntu 14.04, and it's ok, so there's something weird here.
I submitted this URL to reddit and now my profile page gives an error after loading.
$ w3m http://a/%%30%30
w3m: Can't load http://a/%%30%30.
use this: ftp://a/%%30%30
Copying and pasting the url into incognito mode will crash all chrome processes, not just the new window. Interesting.
"Freedom in the USA is not the ability to do what you want. It is the ability to stop others from doing what THEY want"
I can do it in 15. ftp:// works too!
Peter predicted that you would "deliberately forget" creation 2000 years ago...
Not disabling webfonts using the "--disable-remote-fonts" commandline parameter with Chrome under Windows XP will get you random Chrome crashes and even BSODs while visiting Google sites like Youtube.
Seems like an old win32k.sys vulnerability that was supposedly patched in 2009.
"Look ma, I've put the chrome in the dishwasher and now it won't facebook, what a piece of crap"
lucm, indeed.
Your pedantry must be a hit at parties.
Version 46.0.2490.33 beta (64-bit) ..
You, in particular, are a cunt.
How's that? Particular enough for you?
PS - cunt
[nt]
Chrome v45 for Android is unaffected.
I use chromium 34.0.1847.137 and ... nothing happens when I copy/paste that url (yes - I deleted that space).
No Crash. No nothing.
So I guess Google added something to their Chrome that breaks stuff.
I'm running Chrome-stable 45.0.2454.93-1 on Fedora 21 (kernel 4.1.6-100.fc21)
It rewrote the URL as "a/%00" then paused for a moment before the window vanished. On restart, it displays the "Chrome did not shut down properly" message.
I tested it as a solo tab, then again as a 2nd and 3rd tab. Every time, it kills the entire browser. (Chrome-stable 45 on 64-bit Fedora 21)
My GalaxyS5 is not affected, and it's running Chrome 45.0.24.54.94
Running it on XP I clicked send on the window offering to send a trouble report to Microsoft. I'm sure they'll have it fixed in a business day!
Yes. There is a 16 character URL. Clicking on a 16 character URL (that one, specifically) crashes the browser.
What they didn't say is "any 16 character link".
So, they got it right. (Actually, what they said was ambiguous/vague; they could have said "this 16 character link". I still say that "a 16 character link" describes the problem fine, accurately.)
It just so happens I wanted to crash my web browser and I didn't know how. Now I do. Thanks, and happy crash landings everybody.
Tried to share the URL in FB. It seemed to be trying to load the link forever. Wonder whether some threads (or whatever request processing mechanism) have crashed :)
Or you use fuzz testing.
Exactly. They have an excellent tool developed by a talented researcher right there.
*) at least not yet listed on that "The bug-o-rama trophy case" table on the afl page.
It does not crash the copy of Chrome running on my Win7 machine. I let the machine automatically update when it feels like it; the machine is currently running Chrome 45.0.2454.93
When I paste http: //a/%%30%30 into the address bar, I seem to get a web search for 30 30, with the first two hits being .30-30 Winchester - Wikipedia & 30/30 Poetry. I get the exact same behavior pasting into the search box. So it seems the current default behavior is to treat a malformed URL as a text search.
P.S. This meme should be a bonanza for the good folks at 30/30 poetry!
--- Often in error; never in doubt!
http://a/%%30%30
Not type ANY 16 char url, so being pedantic isn't even your thing.
Considering the product is made by some of the best brains and from a great company and used by billions of folks, how come this bug managed to hide so long? And how did it get introduced in the first place? Reading that it's the presence of a NUL char, it seems two different software modules used different abstractions of a string -- maybe one using a traditional NUL terminated string [C definition] and another module could be using a String class [where length is explicitly stored along with an array of chars]. I'm just guessing here -- so a string which breaks this assumption and passed across these modules triggered the crash path. So moral of the story.. when you use apples, use only apples; don't mix apples with oranges [In this case, the apple and orange were assumed to be identical..when they are not]
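An added example, not part of any comment and not Chrome's code: it works through the decoding arithmetic reported in the thread (the path is rewritten to `%00`, which decodes again to a NUL byte) and shows the stored-length versus `strlen` disagreement that the comment above guesses at. The function names and the `path_is_unstable` policy are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
static int hexval(int c) {                 /* hex digit value, or -1 */
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20;                             /* fold ASCII case */
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}
/* One lenient percent-decoding pass: a '%' not followed by two hex digits is
 * copied through. Explicit lengths keep a decoded NUL; out holds >= n bytes. */
size_t pct_decode_pass(const unsigned char *in, size_t n, unsigned char *out) {
    size_t i = 0, o = 0;
    while (i < n) {
        int hi = -1, lo = -1;
        if (in[i] == '%' && i + 2 < n) { hi = hexval(in[i + 1]); lo = hexval(in[i + 2]); }
        if (hi >= 0 && lo >= 0) { out[o++] = (unsigned char)(hi * 16 + lo); i += 3; }
        else out[o++] = in[i++];
    }
    return o;
}

/* Decode buf in place until a pass changes nothing (length stays the same),
 * capped at 8 passes. Returns how many passes changed the data. */
int decode_to_fixed_point(unsigned char *buf, size_t *len) {
    unsigned char tmp[256];
    int passes = 0;
    while (passes < 8 && *len <= sizeof tmp) {
        size_t m = pct_decode_pass(buf, *len, tmp);
        if (m == *len) break;
        memcpy(buf, tmp, m);
        *len = m; passes++;
    }
    return passes;
}

/* Hypothetical policy: flag paths needing >1 pass or decoding to a NUL. */
int path_is_unstable(const char *path) {
    unsigned char buf[256];
    size_t len = strlen(path);
    if (len >= sizeof buf) return 1;       /* too long for this sketch */
    memcpy(buf, path, len);
    int passes = decode_to_fixed_point(buf, &len);
    return passes > 1 || memchr(buf, 0, len) != NULL;
}

int main(void) {
    unsigned char buf[256] = "/%%30%30";   /* path of the URL in the story */
    size_t len = 8;
    int passes = decode_to_fixed_point(buf, &len);
    printf("passes=%d stored_len=%zu strlen=%zu\n", passes, len, strlen((char *)buf));
}
```

A length-carrying string sees two bytes after decoding while a NUL-terminated view sees one, which is the kind of disagreement a canonicalize-once-then-validate rule is meant to catch.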
Get rid of the space
This starts to look like it's somewhere between browser and OS, rather than just in the browser. Or at least requires something from the OS to trigger the bug.
~REZ~ #43301. Who'd fake being me anyway?
A day later and it doesn't crash me on v45. .30/.30 winchesters.
I just got my duck duck go page talking about
These days, there's enough spare CPU and virtual machines to throw around to do random-junk fuzzing, but decades ago when I was taking CS100, and we were being taught to never ever ever trust input and always check for corner cases and off-by-ones and other malformed input, we had to run most of our class programs against data sets that were designed to check whether we'd done everything correctly. Maybe your testers won't think of everything, but they ought to be putting as much effort into finding things that can go wrong and testing for them as the coders and designers are into coding and designing the code, and if you don't have enough QA people to do that, you don't have enough QA people.
A QA engineer walks into a bar and orders a beer. Orders 32768 beers. Orders -1 beers. Orders a lizard. ...
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Tried this on a Chromebook and sure enough it crashed. It is interesting when the browser on the Chromebook crashes because it feels as though the OS has crashed.
Looks more like a bug introduced in version 45. Of everybody giving their browser version, at least in this thread, everybody with version 45 and above gets a crash, while nobody with a version below 45 does. As opposed to the summary, which says it's 45 and below.