Whenever I try to view the latest MOAB (#29), Safari goes into beachball mode and I have to force quit it. I've tried to reproduce this 3 times now and it has happened every time. Doesn't happen in Firefox.
Could it be that the MOAB team is again trying, in their wisdom, to "teach us all a lesson"?
On Jan 30, 2007, at 2:57 AM, burn.redmond.b...@gmail.com wrote:
> Whenever I try to view the latest MOAB (#29), Safari goes into beachball mode and I have to force quit it. I've tried to reproduce this 3 times now and it has happened every time. Doesn't happen in Firefox.
<img src="bug-files/heat-up.jp2" alt="" height="1" width="1" /> <!-- Never use the macbook at bed again when browsing the MoAB or you will fry your balls, looper -->
I haven't had time to look at it, but Matt Beaumont did some digging, and it sounds like the image causes an infinite loop in CoreGraphics' jpeg2000 implementation.
On Tue, Jan 30, 2007 at 9:15:50 -0800, Landon Fuller wrote:
> I haven't had time to look at it, but Matt Beaumont did some digging, and it sounds like the image causes an infinite loop in CoreGraphics' jpeg2000 implementation.
Should've mentioned this last night on-list, but I was busy with some C++ reversing :)
FWIW, the relevant library is Kakadu [1], licensed by Apple for use with CG. It lives in '/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libJP2.dylib'.
I'm not actually sure that the loop is infinite, per se, but certainly very, very large -- 300000-ish iterations of the outermost loop times 3-5 iterations of the next loop in, and on occasion, some 0x1212-iteration loops within that.
Looks like another childish attack. Especially given the comment.
Watch, it'll be gone in a few hours with a note that people shouldn't be putting up fake logs and lies about Moab putting up JPEG2000 images that cause massive loops.
Ack, at 1/30/07, Landon Fuller said:
> <img src="bug-files/heat-up.jp2" alt="" height="1" width="1" />
> <!-- Never use the macbook at bed again when browsing the MoAB or you will fry your balls, looper -->
> I haven't had time to look at it, but Matt Beaumont did some digging, and it sounds like the image causes an infinite loop in CoreGraphics' jpeg2000 implementation.
--
Sincerely, Rosyna Keller Technical Support/Carbon troll/Always needs a hug
Unsanity: Unsane Tools for Insanely Great People
It's either this, or imagining Phil Schiller in a thong.
FWIW, our security blog, isfym.com, has been covering this developing issue. If you guys figure out what the exact vulnerability is, anything else the published file does, and/or come up with a fix, I'm sure a lot of people would be grateful.
> Could it be that the MOAB team is again trying, in their wisdom, to "teach us all a lesson"?
I don't know, but it caused my Power Mac QuickSilver G4 (10.4.8) to experience browser lockups no matter what browser I was using. Safari, Firefox and Camino all died in the same way...a constant beach ball of death, followed by my forcing the affected browser to quit. This computer was upgraded to a 1.8GHz CPU and it never came back even after several minutes.
I think the people behind MOAB really do want to be taken seriously. Unfortunately, that simply isn't the way to do it.