Slashdot Mirror


User: Shmibbon

Shmibbon's activity in the archive.

Stories
0
Comments
20

Comments · 20

  1. Explanation of this very, very stupid bug on Public Exploit For Windows JPEG Bug · · Score: 1
    From Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow:

    Because the JPEG COM field length variable is 2 bytes wide, and itself is included in the length value, the minimum value for this field is 2; this implies an empty comment. If the comment length value is set to 1 or 0, a buffer overflow occurs overwriting heap management structures.

    The problem is GDIPlus normalizes the COM length prior to checking its value; a starting length of 0 becomes -2 after normalization (0xFFFE unsigned); this value is converted to the 32 bit value 0xFFFFFFFE and is eventually passed on to memcpy which attempts to copy ~4G bytes into heap memory.

    ...and since the COM field can be in the header, memcpy loads almost the entire jpeg file into heap memory, which can have executable code in it that'll be run when the buffer overflows.

    The solution to this problem? How about ONE SIMPLE ERROR CHECKING ROUTINE to watch for an incorrect value in the COM field length?

    And here's the kicker: remember the problem Netscape had with jpeg files, 4 years ago? This is the same exact thing.
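As an added example (not code from the post or from the advisory it quotes), the two orderings of "normalize, then check" versus "check, then normalize" for a JPEG COM segment length, showing how a raw length of 0 becomes a 0xFFFFFFFE copy size and how the check-first version rejects it. The segment bytes are constructed; the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* JPEG segment lengths are stored big-endian and include their own 2 bytes. */
static uint16_t read_be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* The flawed order described above: subtract the 2 length bytes first.
 * Returns the payload size such a parser would hand to memcpy. */
uint32_t com_payload_len_normalize_first(const uint8_t *seg)
{
    int16_t normalized = (int16_t)(read_be16(seg) - 2); /* 0 -> -2, 1 -> -1 */
    int32_t widened = normalized;   /* sign-extends: -2 -> 0xFFFFFFFE */
    return (uint32_t)widened;       /* the ~4 GB copy size from the advisory */
}

/* The fix: validate the raw length before subtracting the bytes it counts.
 * 'avail' is how many bytes of the file remain from the length field on.
 * Returns the payload length (0 = empty comment) or -1 if malformed. */
int com_payload_len_checked(const uint8_t *seg, size_t avail)
{
    if (avail < 2) return -1;
    uint16_t len = read_be16(seg);
    if (len < 2) return -1;              /* counts itself, so < 2 is invalid */
    if ((size_t)len > avail) return -1;  /* claims more bytes than present */
    return len - 2;
}

int main(void)
{
    /* Constructed COM segments (bytes after the 0xFF 0xFE marker). */
    const uint8_t zero_len[]  = {0x00, 0x00};
    const uint8_t empty_com[] = {0x00, 0x02};
    const uint8_t hello_com[] = {0x00, 0x07, 'h', 'e', 'l', 'l', 'o'};

    printf("length 0, normalize first: 0x%08X bytes\n",
           com_payload_len_normalize_first(zero_len));
    printf("length 0, check first: %d\n", com_payload_len_checked(zero_len, 2));
    printf("length 2, check first: %d\n", com_payload_len_checked(empty_com, 2));
    printf("length 7, check first: %d\n", com_payload_len_checked(hello_com, 7));
    return 0;
}
```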
  2. Start of Scan (SOS) block on Public Exploit For Windows JPEG Bug · · Score: 2, Interesting
    This has something to do with the Start of Scan (SOS) block. From here:
    SOS (Start Of Scan) marker:

    Marker Identifier [2 bytes]
      0xff, 0xda identify SOS marker

    Length [2 bytes]
      This must be equal to 6+2*(number of components in scan).

    Number of Components in scan [1 byte]
      This must be from 1 to 4 (otherwise error), usually 1 or 3

    Each component [2 bytes]
      For each component, read 2 bytes. It contains:
        Component ID [1 byte]
          1=Y, 2=Cb, 3=Cr, 4=I, 5=Q
        Huffman table to use [1 byte]
          bit 0..3 : AC table (0..3)
          bit 4..7 : DC table (0..3)

    Ignorable Bytes [3 bytes]
      We have to skip 3 bytes.

    Important part is in bold.

    On that site are 3 important images: AlexPaul2, AP3, and AP4. All 3 display correctly in Firefox, IrfanView, and Windows Picture and Fax Viewer. The only problem seems to be with IE.

    With IE:
    AlexPaul2 - correct
    AP3 - hues are wrong, red and blue appear to be switched
    AP4 - CRASH

    All of these use 3 components in the scan, so there are 6 bytes total for that portion of the SOS block.

    AlexPaul2: 0100 0211 0311
    AP3: 0100 0311 0211
    AP4: 0311 0211 0100


    I have tried switching the order of these to each other and the problem absolutely stems from here.
    AP4 to AP3: 0100 0311 0211 - there is a red/blue hue difference between most programs and IE.
    AP4 to AP2: 0100 0211 0311 - there is no difference between the programs and IE.
    AP3 to AP4: 0311 0211 0100 - IE CRASH!
    AP3 to AP2: 0100 0211 0311 - there is no difference, but the red/blue hue switch appears in BOTH normal programs and IE. In other words, AP3 appears the same in IE with both settings.

    This last result makes me think IE is somehow trying to re-order these in ascending Component ID order, and this causes the errors.

    One thing the JFIF document I found doesn't mention is that the order of these components matters. Changing the order always makes the jpeg appear different (sort of like a newspaper comic with the inks misaligned) in non-IE programs. If anyone knows more about this, please respond.
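As an added example (not code from the post or the site it quotes), a strict parser for the SOS header laid out above: it rejects headers whose length or component count do not match the layout, rejects table selectors outside 0..3, and reports whether the component IDs are in ascending order, which is the property the post found the crashing and colour-swapped images differ in. The test vectors are constructed from the three component byte patterns in the post, with the length, component count and trailing 3 bytes added; the struct and function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

struct sos_component { uint8_t id, dc_table, ac_table; };

struct sos_header {
    uint8_t ns;                    /* number of components in scan (1..4) */
    struct sos_component comp[4];
    int ids_ascending;             /* 1 if component IDs strictly increase */
};

/* 'p' points at the bytes after the 0xFF 0xDA marker, 'avail' is how many
 * remain. Returns 0 on success, -1 if the header is malformed. */
int parse_sos(const uint8_t *p, size_t avail, struct sos_header *out)
{
    if (avail < 3) return -1;
    uint16_t len = (uint16_t)((p[0] << 8) | p[1]);
    uint8_t ns = p[2];
    if (ns < 1 || ns > 4) return -1;       /* spec limit quoted above */
    if (len != 6 + 2 * ns) return -1;      /* length must match the layout */
    if (avail < len) return -1;            /* truncated segment */
    out->ns = ns;
    out->ids_ascending = 1;
    for (uint8_t i = 0; i < ns; i++) {
        const uint8_t *c = p + 3 + 2 * i;
        out->comp[i].id = c[0];
        out->comp[i].dc_table = c[1] >> 4;     /* bits 4..7: DC table */
        out->comp[i].ac_table = c[1] & 0x0F;   /* bits 0..3: AC table */
        if (out->comp[i].dc_table > 3 || out->comp[i].ac_table > 3) return -1;
        if (i > 0 && c[0] <= out->comp[i - 1].id) out->ids_ascending = 0;
    }
    /* the 3 trailing bytes (Ss, Se, Ah/Al in the spec) are not validated here */
    return 0;
}

int main(void)
{
    /* Constructed: 0x000C = 6 + 2*3, Ns = 3, baseline trailer 00 3F 00. */
    const uint8_t alexpaul2[] = {0x00,0x0C,0x03, 0x01,0x00,0x02,0x11,0x03,0x11, 0x00,0x3F,0x00};
    const uint8_t ap4[]       = {0x00,0x0C,0x03, 0x03,0x11,0x02,0x11,0x01,0x00, 0x00,0x3F,0x00};
    struct sos_header h;
    if (parse_sos(alexpaul2, sizeof alexpaul2, &h) == 0)
        printf("AlexPaul2: %u components, ascending=%d\n", h.ns, h.ids_ascending);
    if (parse_sos(ap4, sizeof ap4, &h) == 0)
        printf("AP4: %u components, ascending=%d\n", h.ns, h.ids_ascending);
    return 0;
}
```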
  3. FALSE ALARM - Japanese seismograph at 2 AM on Mushroom Cloud Reported Over North Korea · · Score: 4, Informative

    The 2 AM seismic event is strongest at KIS. That's located in the middle of the south shore of Japan (Chugoku-Shikoku area). It also shows up strong on the north/south motion graph (first graph is up/down).

    Check the previous days, there's plenty of spikes. It's just a damn earthquake in Japan.

  4. Have you tried using Opera? on Don't Hit That Back Button · · Score: 1

    I don't post here much and I'm at college right now, so I can't test it on slashdot, but from posting on other sites Opera always has everything exactly the same when I hit back. I believe this is part of the design; it brings up exactly what was loaded before rather than re-loading the page like other browsers.

  5. Re:Chicken or egg? on Fox Explains Why SSSCA Is Bad · · Score: 1

    He's not saying that people don't like what they've got. He's just saying there's more and better things out there that no one notices because no attention is given to them by the mainstream media. They do choose between what they like and dislike, but only amongst what is shown to them.

  6. And don't forget... on MPAA Wants Copy-Controlled PCs · · Score: 1

    ZZT!

    Yeah, so I was in elementary school when it was made and I just found out about it. But it's fun!

  7. agreeing as well on Disinformation.com · · Score: 3, Interesting

    The only mildly entertaining part were the transcripts, and the whole time I was thinking about how The Daily Show would have done a much better job making fun of them. I love it when they find someone with a completely insane theory, back the person into a logical corner using their own answers, and ask that one question that unambiguously reveals the glaring error in their thought that everyone else can see, leaving them completely silent as those of us watching at home laugh our asses off. And they do that in the middle of making fun of them in ways that the person often doesn't even notice, with over-dramatic narrative and wacky commentary at the end. Comedy genius.

    Yeah, I'm gonna get an Offtopic for this, but as Gir would say, "I love this show."

  8. Re:You can easily disable ALL X10 Ads. on Yahoo News Posts Advertisements as News · · Score: 1

    More people need to find out about this. I heard about it in the Slashdot forums a while ago and it's been amazing, as long as you combine it with a little program called eDexter, which returns a transparent 1x1 gif to any file request sent to the loopback address 127.0.0.1 (so it won't prevent any other access to your computer). Otherwise you get a bunch of big ugly 404 error pages where the ads were.

    I've found that you can block almost everything, with 2 exceptions:
    1. Ads that are referenced by the webpage using the actual IP address rather than a server name
    2. Ads that use the same server name as the content (sometimes seen on smaller sites, like online comics, or even here; images.slashdot.org has both ads and the rest of Slashdot's images).

    -Shmibbon, who has at least a hundred entries in his hosts file so far

  9. Re:A Silly Problem on Search for Terrestrial Intelligence · · Score: 1

    Doesn't differential calculus disprove Zeno's Paradox? Limit of f(x) as x -> infinity, with f(x) being the total distance covered at each interval of time, and x being the decreasing intervals of time? That's what I always thought would take care of it.

    -Shmibbon

  10. Re:Strait out of a movie on Evolutionary Computing Via FPGAs · · Score: 1

    That's why we need to make sure we have the ability to reprogram the technology and hardwire in bits of logic. Asimov already thought of this and gave us three very nice laws of robotics for this exact purpose. Although I guess it would have to understand what humans are and recognize their instructions in order to follow those rules...

    -Shmibbon

  11. Re:So let's see... on Content Faction v. Tech Faction · · Score: 1

    Holy Jesus. This has probably already been noted, but...

    The SSSCA draft says that it is unlawful to create, sell or distribute "any interactive digital device that does not include and utilize certified security technologies" that are approved by the U.S. Commerce Department. An interactive digital device is defined as any hardware or software capable of "storing, retrieving, processing, performing, transmitting, receiving or copying information in digital form."

    INFORMATION IN DIGITAL FORM. And those actions include pretty much ALL computer components, do they not? They want to make it illegal to manufacture even PC components that don't comply with their "certified security technologies" FOR ALL INFORMATION. Dear general public: DANGER WILL FREAKIN ROBINSON

    -Shmibbon, not yet jaded and going insane over the 1984-ishness of it all

  12. Do we get to vote? on Dirty Dozen- The Most Dangerous Toys of 2001 · · Score: 1

    I'm voting for Jar Jar Binks.

  13. "Of the web"? on Another Gaping Microsoft Security Hole Goes Unpatched · · Score: 1, Flamebait

    You base all of the internet traffic on the web on 9688 hosts (not accesses or people) accessing one WWW server at a university? Geez, go take a statistics class.

    -Shmibbon

  14. Game Boy Advance on Good Games For Christmas? · · Score: 1

    Retro console gamers (SNES 2-D days) will love this. Lots of games that focus on FUN as the most important thing: Wario Land 4, Mega Man Battle Network, Klonoa, Castlevania: COTM (FINALLY a sequel to CSOTN!), and Advance Wars just to name a few. There's lots of creativity and skill being poured into this console, and yet I can't find a mention of it on the forum. Give it a chance, try out those display models or rent/borrow it and try out one of those games I mentioned.

    -Shmibbon

  15. Re:+1 Insightful, -1 Flamebait? on Good Games For Christmas? · · Score: 1

    There were games on the Commodore 64 that put plenty of modern video games to shame. A better analogy would be "I have games on my Philips CD-i that put Microsoft to shame," but then again who the hell would admit to having one of those?

    -Shmibbon

    P.S. does ANYONE IN THE ENTIRE WORLD have a disk image of Tonk in the Land of Buddy Bots for C64? That was my favorite game as a kid and I can just barely find a mention of the Atari console version in a summary of an issue of an old magazine...plus the switches don't work right in Castles of Dr. Creep on emulators...I hate my parents for giving that computer away, they did the same damn thing with my Atari

  16. now 3:30 AM EST (12:30 Pacific) on @Home Network Approaching Shutdown · · Score: 1

    going to bed now

  17. Comcast@Home still up, 3:11 AM EST (12:11 Pacific) on @Home Network Approaching Shutdown · · Score: 1

    Confused...

  18. Semi-Off-Topic: Worst MSWord Grammer Checking EVER on Microsoft Edits English · · Score: 1

    This came up while my sister was typing some middle school paper. Funniest thing since that Word 97 thesaurus "I'd like to see Bill Gates dead." trick.

    -Shmibbon

  19. Re:Ah, Erector... on Erector Set Turns 100 · · Score: 1

    I had a few different sizes of those electronics kits, the 300-in-1 (the biggest, I think) is still in my closet. I killed one of the smaller ones (either 200 or 180) by hooking all the batteries in series straight to the 3 LEDs in series to see how bright they'd get (at least I was smart enough not to just use ONE light). I suck at electronics.

    BTW, the results of my experiment: One LED flickered out, one started smoking a lot, and one was really bright, and I think the batteries leaked afterwards. Kinda like that Looney Tunes gag where they drink all the explosive stuff, and then they explode, and someone (Porky or Bugs, depending on the episode) says "Wow, that trick was amazing!" and their ghost says "Yeah, but you can only do it once!"

  20. Re:Self Defeating on MS FrontPage Restricts Free Speech II (It's True!) · · Score: 1

    It's not meant for stopping anyone from using their software. Anyone intelligent enough to spot this isn't going to use Frontpage anyway. This is for 2 reasons: to cover their ass so they never get blamed for something someone makes with their software, and to give them the right (they think) to punish some of the people who speak out against them.