Topic: Ultimate way to crash Chrome (Read 4601 times)

Ultimate way to crash Chrome

http://simpleportal.net/index.php?topic=14115
No idea how to fix it but it's *bad*, give it a try, please.  :-X

By the way, it can be placed anywhere - in sigs etc. It should be addressed as quickly as possible because if some malicious users start to spam it, then they can lead any other user with Chrome-based browsers to instantly crash while browsing the forum.
Last Edit: September 20, 2015, 08:09:55 pm by Flavio93Zena
~ SimplePortal Support Team ~

Re: Ultimate way to crash Chrome

Reply #1

That's a really big bug.

Re: Ultimate way to crash Chrome

Reply #2

Yeah I dared to use the exclamation icon, too ;D
~ SimplePortal Support Team ~

Re: Ultimate way to crash Chrome

Reply #3

That's awesome, I love it.  (just hover that link in chrome and it bombs)

http://a/%%30%30

We should probably do some additional sanitation of the image / link strings in 1.1 ... the reality is that chrome will be fixed and pushed faster than the server side of things though.

Re: Ultimate way to crash Chrome

Reply #4

LOL

Well, is that a valid url or has some invalid element?
Bugs creator.
Features destroyer.
Template killer.

Re: Ultimate way to crash Chrome

Reply #5

I don't think it's valid as it would say the FQDN is "a"

Re: Ultimate way to crash Chrome

Reply #6

Sigh, and they don't want to fix it on SMF. Undecided whether to laugh or cry.
~ SimplePortal Support Team ~

Re: Ultimate way to crash Chrome

Reply #7

Quote from: Spuds – I don't think it's valid as it would say the FQDN is "a"
Though... it's a valid host unless I read the specification wrong.
But what is the part that crashes chrome? Really the "a" or the fancy symbols in there?

Quote from: Flavio93Zena – Sigh, and they don't want to fix it on SMF. Undecided whether to laugh or cry.
Well, provided I'm not sure what there is to fix, I'm not really that fond of fixing an issue about the crash of a browser that will be fixed in a week, while in the best case, considering for something like this I wouldn't change the release plan and our next would be in December, I guess by the time we release the fix, nobody will even remember there was such a bug in Chrome. ;)
Bugs creator.
Features destroyer.
Template killer.

Re: Ultimate way to crash Chrome

Reply #8

Please don't be like Kindred, add sanitization of the URL. Once you told me the same, your turn now.
~ SimplePortal Support Team ~

Re: Ultimate way to crash Chrome

Reply #9

If there is something to sanitize.

ETA: and anyway, please, go lobby for the fix in Chrome as well, because it's Chrome that is "reacting" with quite a bit of overkill to a malformed URL. ;)
Bugs creator.
Features destroyer.
Template killer.

Re: Ultimate way to crash Chrome

Reply #10

I'm not sure what crashes chrome specifically, but I did not think a single character FQDN was valid, go figure.  I would have thought it would need at least a \.[a-z]{2,} but I have not checked the spec.

Re: Ultimate way to crash Chrome

Reply #11

I'm not sure I used the correct specs, but:
Quote from: https://tools.ietf.org/html/rfc3986#section-3.2.2 – reg-name = *( unreserved / pct-encoded / sub-delims )

let's see:
http://a/%%30%30
http://www.elkarte.net/%%30%30
http://a/something/%%30%30

http://a/%%30%29

http://a/%%30

http://a/%30%30

http://a/%30

Last Edit: September 22, 2015, 01:14:58 pm by emanuele
Bugs creator.
Features destroyer.
Template killer.

Re: Ultimate way to crash Chrome

Reply #12

Only the first one crashes here. (Off to dinner, will log back in a lot later though).
~ SimplePortal Support Team ~

Re: Ultimate way to crash Chrome

Reply #13

Only the first three (yeah, I added some on the way :P) crash Chrome, so the problem is not the FQDN, but exactly this particular sequence of URL-encoded entities.

That said, that particular sequence is likely to be invalid, because %%30%30 => %00 => null char.
But, I think (and I may very well be wrong) detecting this specific null char in a URL is gonna be rather tricky.
Bugs creator.
Features destroyer.
Template killer.
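
The decoding chain described in Reply #13 (%%30%30 => %00 => null char), as an added example that is not part of the original post or of any forum software's code: a server-side link check that rejects a `%` not followed by two hex digits (the `pct-encoded` rule of RFC 3986) and peels percent-encoding layer by layer to find control bytes hidden under nested encoding. The names `inspect_url`, `is_safe_link` and the `MAX_ROUNDS` limit are assumptions made for this sketch.

```python
import re
from urllib.parse import unquote_to_bytes

# RFC 3986: pct-encoded = "%" HEXDIG HEXDIG. Any other "%" is malformed.
STRAY_PERCENT = re.compile(rb"%(?![0-9A-Fa-f]{2})")
CONTROL_BYTE = re.compile(rb"[\x00-\x1f\x7f]")
MAX_ROUNDS = 5  # assumed cap on how many decoding layers are unwrapped

# URLs quoted in the thread (Reply #3 and Reply #11), in posting order.
THREAD_URLS = [
    "http://a/%%30%30",
    "http://www.elkarte.net/%%30%30",
    "http://a/something/%%30%30",
    "http://a/%%30%29",
    "http://a/%%30",
    "http://a/%30%30",
    "http://a/%30",
]


def inspect_url(url: str) -> dict:
    """Report malformed escapes and control bytes hidden under nested encoding."""
    current = url.encode("utf-8")
    report = {"stray_percent": bool(STRAY_PERCENT.search(current)),
              "control_byte_depth": None, "too_deep": False}
    for depth in range(1, MAX_ROUNDS + 1):
        decoded = unquote_to_bytes(current)
        if CONTROL_BYTE.search(decoded):
            report["control_byte_depth"] = depth  # layers peeled to reach it
            break
        if decoded == current:  # fixed point: nothing left to decode
            break
        current = decoded
    else:
        report["too_deep"] = True  # still changing after MAX_ROUNDS
    return report


def is_safe_link(url: str) -> bool:
    """Accept only well-formed escapes with no control byte at any depth."""
    r = inspect_url(url)
    return not (r["stray_percent"] or r["too_deep"]
                or r["control_byte_depth"] is not None)


if __name__ == "__main__":
    for u in THREAD_URLS:
        print(f"{u!r:40} {inspect_url(u)}")
```

On the thread's seven URLs, the control byte shows up at depth 2 for exactly the first three, and the stray `%` check alone already rejects the first five in a single pass.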

Re: Ultimate way to crash Chrome

Reply #14

Yeah it's the null char