#78 ApplicationBar Crash

closed
Martin
Components (19)
8
2011-10-11
2011-08-29
Erik Knowles
No

The SharpEnviro site's down, so I'm posting here an update to some notes I've been compiling regarding a crashing toolbar that features an ApplicationBar module. I'm now certain of the cause of the crash and can duplicate it at will:

* The crash definitely happens in FireFox when I change pages to one that has a *huge* number of characters in the page title. FF uses the page title as the caption, so what's happening is that the ApplicationBar module is crashing when it retrieves an application caption that has a large number of characters in it. Buffer overflow anyone?

The crash happens on my computer often because my bug tracker (Roundup) uses the text of the currently-viewed bug report as the page title, so stack traces and whatnot included as part of a bug report make FireFox's application title very wide. I'm sure you can duplicate the problem in Delphi by creating a little program that sets Application.Title to a large string.

Discussion

  • Erik Knowles
    2011-08-29

    Definitely confirmed. Create a new Delphi project, double-click on the created form to add a FormCreate method, and put the following line in the auto-generated method declaration:

    Application.Title := StringOfChar('A',10000)

    Running the application will consistently crash the toolbar that holds the ApplicationBar module.

     
  • Erik Knowles
    2011-08-29

    • priority: 5 --> 8
     
  • Erik Knowles
    2011-08-29

    Whoops, sorry, I meant "Task" module when I referred to the "ApplicationBar" module.

     
  • Erik Knowles
    2011-08-29

    As another example, visiting the page below will crash the SharpBar when visited using FireFox (Internet Explorer truncates the HTML page title and so does not cause the crash):

    http://geosystemsoftware.com/erik/sharpcrash.html

    This may be remotely exploitable to give at least user-level access by crafting a web page that includes exploit code in the page title.

     
  • Erik Knowles
    2011-10-11

    • status: open --> closed
     
  • Erik Knowles
    2011-10-11

    RC3 corrects the error.
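
One defensive way to read a window caption of any length in Delphi, as an added example that is not SharpE's code and not the fix shipped in RC3. It assumes the crash comes from copying the caption into a fixed-size buffer, which the ticket suggests but does not confirm; `ReadCaption`, `LabelFromCaption` and `MaxLabelChars` are hypothetical names.

```delphi
program SafeCaptionDemo;
{$APPTYPE CONSOLE}

uses
  Windows, SysUtils;

const
  // Assumed display limit for a task button label; not a SharpE setting.
  MaxLabelChars = 128;

// Reads the full caption of Wnd into a string sized from the reported
// length, so no fixed-size buffer is involved whatever the title length.
function ReadCaption(Wnd: HWND): string;
var
  Len, Copied: Integer;
begin
  Result := '';
  Len := GetWindowTextLength(Wnd);
  if Len <= 0 then
    Exit;
  SetLength(Result, Len);
  // nMaxCount counts the terminating null; a Delphi string always has
  // room for it beyond Length(Result).
  Copied := GetWindowText(Wnd, PChar(Result), Len + 1);
  // The title can change between the two calls: keep only what was copied.
  SetLength(Result, Copied);
end;

// Shortens a caption for display, marking the cut with an ellipsis.
function LabelFromCaption(const Caption: string): string;
begin
  if Length(Caption) > MaxLabelChars then
    Result := Copy(Caption, 1, MaxLabelChars - 3) + '...'
  else
    Result := Caption;
end;

var
  Wnd: HWND;
begin
  // Caption of whatever window currently has focus.
  Wnd := GetForegroundWindow;
  Writeln(LabelFromCaption(ReadCaption(Wnd)));
  // Constructed input matching the reproduction in the ticket.
  Writeln(Length(LabelFromCaption(StringOfChar('A', 10000))));
end.
```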