[18670] in bugtraq


Fwd: Re: buffer overflow in konqi

daemon@ATHENA.MIT.EDU (David Faure)
Wed Jan 17 18:02:27 2001

Content-Type: text/plain; charset="iso-8859-1"
Mime-Version: 1.0
Message-Id:  <0101171956420N.22592@faure>
Date:         Wed, 17 Jan 2001 19:56:42 +0000
Reply-To: David Faure <david@MANDRAKESOFT.COM>
From: David Faure <david@MANDRAKESOFT.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Content-Transfer-Encoding: 8bit

Hi all,
I'm one of the Konqueror developers, and I heard about the possible buffer
overflow issue.
I just tried http://fish.analog.org/~fish/crash_netscape2.html and
crash_me.html, with konqueror (from current CVS, but that shouldn't 
make any difference), and I didn't get any crash - neither konqueror
nor X crashed.

I discussed this with the author of the forms code, and we are sure
that this HTML can't generate any crash in konqueror, since we
are using QString everywhere - a class that takes care of memory
allocation for strings. A buffer overflow can't happen with it.

If X crashed for Arthur, it must be some other bug (konqueror has much
improved since KDE 2.0.1 already).

Yours,
David.

On Wednesday 17 January 2001 18:46, you wrote:
> 
> ----------  Forwarded Message  ----------
> Subject: Re: Buffer Overflow still exists in Netscape <= 4.76
> Date: Wed, 17 Jan 2001 12:54:17 +0000
> From: Arthur Clune <arthur@CLUNE.ORG>
> To: BUGTRAQ@SECURITYFOCUS.COM
> 
> 
> On Tue, 16 Jan 2001, fish stiqz wrote:
> 
> I was curious so I tried this web page (crash_netscape2) with
> KDE 2.0.1, XFree86 4.0.3 using Konqueror.
> 
> The browser loaded the page, but when I went to shut the browser
> window it crashed and took X with it.
> 
> Can anyone else replicate this?
> 
> Arthur
> 
> --
> Arthur Clune
> "You have none. Get over it". Scott McNealy on on-line privacy
> 
> PGP Public Key - http://www.clune.org/pubkey.txt
> 
> -------------------------------------------------------

-- 
David FAURE, david@mandrakesoft.com, faure@kde.org
http://www.mandrakesoft.com/~david/, http://www.konqueror.org/
KDE, Making The Future of Computing Available Today
