One line of html code to crash Winblows

[Aloone_Jonez]

Grapshics Device Interface, isn't this what Windows uses instead of the X-window system as I origionally thought?

[Shiver]

Unbelievable. I didn't think even winshit could be downed this easily anymore.

Choking it with a picture resized too large feels so... simple. One would think something like this would have been found ages ago. :o

[WMD]

Grapshics Device Interface, isn't this what Windows uses instead of the X-window system as I origionally thought?

Yes, and it runs in kernel mode.

[Combustible]

you are reading way too much into it, this isnt a bug the computer is doing what its supposed to do. maybe there should be some safeguards to stop it from trying to do that but thats not relevant right now, this is why is "crashes"
 
(it doesnt actually crash. let it sit long enough and it will recover unless the pc goes down under the strain)
 
the browser is being told to prep a 9999999x9999999 space for an image. thats 99999980000001 pixels.
 
thats a lot of pixels. an image of 262144x262144 is half a terabyte according to the gimp
 
you got a pc that can handle several orders of magnitude larger file sizes? probably not. if you try and render this, here is what happens:
 
1. it allots the space
2. it freaks out
3. it seems to lock up but really is just working super hard
4. your pc will go down if its not stable to begin with
 
im typing this on IE6 XPSP2 after having opened the link. it took me a while to get the mouse over the X to close the window and free up my pc, but i did it.
 
woo.

[Refalm]

you are reading way too much into it, this isnt a bug the computer is doing what its supposed to do. maybe there should be some safeguards to stop it from trying to do that but thats not relevant right now, this is why is "crashes"
 
(it doesnt actually crash. let it sit long enough and it will recover unless the pc goes down under the strain)
 
the browser is being told to prep a 9999999x9999999 space for an image. thats 99999980000001 pixels.
 
thats a lot of pixels. an image of 262144x262144 is half a terabyte according to the gimp
 
you got a pc that can handle several orders of magnitude larger file sizes? probably not. if you try and render this, here is what happens:
 
1. it allots the space
2. it freaks out
3. it seems to lock up but really is just working super hard
4. your pc will go down if its not stable to begin with
 
im typing this on IE6 XPSP2 after having opened the link. it took me a while to get the mouse over the X to close the window and free up my pc, but i did it.
 
woo.

It's also a browser issue. Opera simply displayed the image smaller, and didn't render the full 9999999x9999999.

The image they used for the hack is pretty cool:
sweetydead.jpg

Down with Jamba!

[toadlife]

If you think about it, this is sort of similar to the long time fork bomb vulnerability with linux. In both cases, the system involved comes without sane limits on how it uses it's resources. The result in both cases is the ability of any user to take down the system.

[RaZoR1394]

you are reading way too much into it, this isnt a bug the computer is doing what its supposed to do. maybe there should be some safeguards to stop it from trying to do that but thats not relevant right now, this is why is "crashes"
 
(it doesnt actually crash. let it sit long enough and it will recover unless the pc goes down under the strain)
 
the browser is being told to prep a 9999999x9999999 space for an image. thats 99999980000001 pixels.
 
thats a lot of pixels. an image of 262144x262144 is half a terabyte according to the gimp
 
you got a pc that can handle several orders of magnitude larger file sizes? probably not. if you try and render this, here is what happens:
 
1. it allots the space
2. it freaks out
3. it seems to lock up but really is just working super hard
4. your pc will go down if its not stable to begin with
 
im typing this on IE6 XPSP2 after having opened the link. it took me a while to get the mouse over the X to close the window and free up my pc, but i did it.
 
woo.

Off course It's a bug as the computer won't even lag when using GNU/Linux och *BSD.

[MrX]

you are reading way too much into it, this isnt a bug the computer is doing what its supposed to do. maybe there should be some safeguards to stop it from trying to do that but thats not relevant right now, this is why is "crashes"
 
(it doesnt actually crash. let it sit long enough and it will recover unless the pc goes down under the strain)
 
the browser is being told to prep a 9999999x9999999 space for an image. thats 99999980000001 pixels.
 
thats a lot of pixels. an image of 262144x262144 is half a terabyte according to the gimp
 
you got a pc that can handle several orders of magnitude larger file sizes? probably not. if you try and render this, here is what happens:
 
1. it allots the space
2. it freaks out
3. it seems to lock up but really is just working super hard
4. your pc will go down if its not stable to begin with
 
im typing this on IE6 XPSP2 after having opened the link. it took me a while to get the mouse over the X to close the window and free up my pc, but i did it.
 
woo.

sort of like what happens when you take a cpu intensive program like cpuburn and run two at once? or one at 'realtime' priority?

Mr X

[Aloone_Jonez]

Doesn't look like a nVidia issue. I've heard from a lot of people who have gotten the bluescreen or reboot with ATI cards. Some with nVidia cards also only get slowdowns and not BSOD/reboot.

Looks like kernel or driver issue. Still if It's a driver issue It's the fault of Windows because it lets the graphics driver run on "ring 0" (kernel level) which is idiotic. In other systems graphics drivers run on "ring 3" for ex X.

I've just realised what you meant, Windows is silly for running its Windowing system in kernel mode while the UNIX X-window system runs in user mode.

Well I can see your point but Windows NT is a purely graphical OS, it doesn't have a text mode like UNIX does. When X crashes under Linux it's just as bad as it takes out all X programs ie OpenOffice so still I loose my work anyway, though this has only happened to me on Redhat 9.0 though.

[Combustible]

Off course It's a bug as the computer won't even lag when using GNU/Linux och *BSD.

technically no, a bug is when something doesnt work... you cant compare behavior of windows to *nix as a basis for calling it a bug, those are two very different codebases. this is working as it was designed to work, it just needs safeguards to prevent it from trying to do what its being told to do.
 
i would therefore call it an exploit. a rather useless one but still an exploit.

[RaZoR1394]

technically no, a bug is when something doesnt work... you cant compare behavior of windows to *nix as a basis for calling it a bug, those are two very different codebases. this is working as it was designed to work, it just needs safeguards to prevent it from trying to do what its being told to do.
 
i would therefore call it an exploit. a rather useless one but still an exploit.

I just call everything that doesn't work a bug. So don't take my word seriously. You're very right about that. It's similar to the DDOS problem where for ex the web server just does what it is supposed to do. On the other hand you can have safeguards for it or special firewall features. I have howewer just started learning about security problems so I'm not so experienced with it.

[Combustible]

the browsers shouldnt try to display a pic that would bring down the pc, that much is for sure... i think it should do a simple memory check and decide if it should even bother with the pic, a 3260x3620 image could eat up 100 megs of ram... basically we need "smarter" software.

[Aloone_Jonez]

May be so, but a decent operating system shouldn't let a program running in ring 3 bring down the system.

This is a bug in the operating system, even if the browser is as buggy as hell this system shouldn't crash.

[toadlife]

May be so, but a decent operating system shouldn't let a program running in ring 3 bring down the system.

No it shouldn't.

But all operating systems have this funny way of finding out new and different ways of sucking every day.

[muzzy]

Windows is silly for running its Windowing system in kernel mode while the UNIX X-window system runs in user mode.

Indeed, but there's a good reason for it, too. Well, kinda. The issue is system call latency. The windows architecture is actually designed so that all the subsystems are separate processes and couldn't crash the kernel, but there's a big issue with it. Since the communication mechanism between application and the subsystem is a plain client/server model, it means that both are scheduled and threaded normally. The client makes a request, to which the subsystem must respond in a different process, and then return operation back to the first process. Since windows quantum size is typically 25 milliseconds, under 100% cpu load this would be a serious issue, as all system calls could take 50 milliseconds to complete. This isn't acceptable.

In the original NT design, there was a hack to implement it. Two special system interrupts to do ordered fashion context switching, to call another process and then return, without scheduling. However, it was a hack, and MS wanted to replace it. So, portions of different parts of win32 subsystem got moved into kernel, for faster access. In my opinion, this was a bad choice, at least in hindsight. Modern systems are already so fast that 25ms quantums are insanely long, especially for workstation use. I'd rather have 1ms quantums or even shorter for desktop systems, and possibly a different kind of RPC mechanism for controlled context switching.

So, it's running in kernel for performance reasons. Which IMO could be better solved in other ways.