Crash Chrome With 16 Characters

← Back to Stories (view on slashdot.org)

Crash Chrome With 16 Characters

Posted by timothy on Saturday September 19, 2015 @05:32AM from the you-go-first dept.

An anonymous reader writes: Remember when it took just eight characters to crash Skype? Apparently it takes double that to take out Chrome: Typing in a 16-character link and hitting enter, clicking on a 16-character link, or even just putting your cursor over a 16-character link, will crash Google's browser. To try it yourself, fire up Chrome 45 (the latest stable version) or older and put this into your address bar: http: //a/%%30%30 (without the space).

13 of 205 comments (clear)

Min score:

Reason:

Sort:

It's not just Chrome by Duckman5 · 2015-09-19 05:36 · Score: 4, Informative

I just fired up Opera (shares the Blink engine) and gave it a try. Sure enough, it crashed and restarted. Wonder where the issue is...
1. Re:It's not just Chrome by FatdogHaiku · 2015-09-19 06:06 · Score: 4, Funny
  
  It's 2015 and browsers are not properly sanitizing the URL bar?
  That's why I'm waiting for the Lysol® browser...
  *Lysol® Browser does not sanitize the keyboard or mouse! :-(
  
  --
  You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
2. Re:It's not just Chrome by beelsebob · 2015-09-19 06:19 · Score: 4, Insightful
  
  You mean "It's 2015 and developers still introduce bugs"... and frankly... no fucking shit. Yes, coding is hard. Every time you change code (and I'm sure the URL bar parsing code changes pretty regularly) you stand a chance of introducing a bug.
3. Re:It's not just Chrome by bondsbw · 2015-09-19 06:40 · Score: 4, Insightful
  
  And this is one reason it is so insensible when highly skilled software developers get worried over this idea that everyone is going to get some programming background.
  As soon as it hits the fan--and it will--they'll need someone to fix it. And in many cases it will happen over and over and over again, and push costs higher than just hiring someone to do it right to begin with.
  I'm not worried.
  
  --
  All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
4. Re:It's not just Chrome by fustakrakich · 2015-09-19 06:41 · Score: 4, Funny
  
  Every time you change code... you stand a chance of introducing a bug.
  Maybe the code doesn't want to change...
  
  --
  “He’s not deformed, he’s just drunk!”
5. Re:It's not just Chrome by alvinrod · 2015-09-19 07:14 · Score: 3, Insightful
  
  They probably do have some regression tests, but who would have written a unit test for an address with 16 characters in it? Some bugs are just so weird that no one even thinks to test for them.
6. Re:It's not just Chrome by Kjella · 2015-09-19 13:50 · Score: 4, Insightful
  
  True. Tests will tell you if something doesn't work, not if it does work. Automated tests are overrated anyways, they are more like a spell-check than a writing aid. I'd rather have a roomful of nonchalant, untrained users and unleash them on my product than trust the outcome of a series of tests written by biased developers.
  I think you've fundamentally misunderstood the purpose and function of tests. If I realized this code would break in some corner case, I would have handled it. No developer would write code that fails his own tests. Granted, sometimes the process of writing tests aids your understanding but in that case you'd improve the code. That is true even for test-driven design, if you don't fully understand all the conditions that need testing, the test will be flawed or incomplete and the code too. The primary function is to prevent existing, working test cases from breaking by accident. Because let's face it, we're imperfect beings working on imperfect code and I've managed to break my own code plenty of times without realizing it, not to speak of someone else's work. Or we're mashing up modules in a new way using them in ways they were never meant to work, testing is also about verifying assumptions. Also by "work" I mean defined behavior, like if you divide by zero it's not supposed to work but it's supposed to fail in a controlled way. Testing is supposed to preserve behavior when the implementation changes. If it was never planned and tested behavior in the first place, well you're going to find out it changed the hard way.
  
  --
  Live today, because you never know what tomorrow brings
Chromium 45.0.2454.93 Crashes by behrooz0az · 2015-09-19 05:51 · Score: 4, Informative

[6918:6918:0919/221732:FATAL:navigation_controller_impl.cc(927)] Check failed: active_entry->site_instance() == rfh->GetSiteInstance().
Doesn't crash if the url is passed as an argument. Just opens up about:blank(not default behavior)
4.1.6-1-ARCH x86_64 GNU/Linux

--
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion. -- Spazmania (174582)
Re:Didn't crash... by Anonymous Coward · 2015-09-19 06:01 · Score: 5, Funny

Sure... the older something is, the higher its age... so Chrome 44 is younger than Chrome 45.
Tried it on Internet Explorer by JustAnotherOldGuy · 2015-09-19 06:25 · Score: 4, Funny

I tried it on Internet Explorer and not only did the browser crash, it billed me for $299.95. Also, every site I browse now appears to be Russian porn.

--
Just cruising through this digital world at 33 1/3 rpm...
I got the golden ticket by goombah99 · 2015-09-19 06:28 · Score: 5, Funny

Mine just pulled up website with Larry Paige telling me I got the golden ticket and will am invited to tour the Google Chocolate Factory with my uncle Joe.

--
Some drink at the fountain of knowledge. Others just gargle.
Re:Interesting by Chris+Mattern · 2015-09-19 06:36 · Score: 3, Informative

Actually, it should be unescaped to %00.
Gee, I tried a 16-character URL and it worked fine by Guy+Harris · 2015-09-19 07:18 · Score: 3, Informative

Typing in a 16-character link and hitting enter, clicking on a 16-character link, or even just putting your cursor over a 16-character link, will crash Google's browser.
Gee, I typed in http://sonic.com and hit Enter, and it worked Just Fine.
Perhaps they meant to say "Typing in a particular 16-character link, clicking on a particular 16-character link, or even just putting your cursor over a particular 16-character link, will crash Google's browser."