If this is true couldn't a malicious website simply set the initial value of the form then use javascript to submit it upon loading the page causing the clients X to crash? ie. <input type="text" value="(9000 A's)"> and have a body onload=document.forms[0].submit()? John Scimone CS Major @ Ga Tech On Friday 07 December 2001 04:26 pm, you wrote: > I have discovered a little bug in K Desktop 2.1.2 that crashes your X > Server. > > By using the konqueror web browser and inputting around 9000+ A's (or > whatever) into a search box (for instance www.yahoo.com's web search box) - > this will crash your X environment. > > I have successfully done it using 9000 A's on one search box (crashing X > instantly), then I used 90'000 and it also worked - but without immediate > effect (took a few seconds). > > It also sometimes seems to work by just pasting 900000 A's into a search > box and before it even displays the A's X crashes. (note: If you want it > to display the A's before X crashes paste 9000, then as soon as you click > to start the search - its bye bye X). > > Sorry but I can only test it on KDE 2.1.2, because I have no other systems > available right now. > > By the way: > > [smackenz@mainframe smackenz]$ uname -a > Linux mainframe 2.4.2-2 #1 Sun Apr 8 20:41:30 EDT 2001 i686 unknown > (Rehat 7.1) > (KDE 2.1.2) > (this works in Gnome and KDE using with the konqueror web browser) > > To test simply use a shell and type: > > perl -e 'print "A" x 9000' > > Then copy these, and paste them into a search form. > > Also I tried this in netscape and it didn't work so it suggests its a > konqueror error somewhere or other. > > Cheers > > Scott Mackenzie
This archive was generated by hypermail 2b30 : Sat Dec 08 2001 - 00:26:18 PST