Fwd: Re: Buffer Overflow with all versions of Internet Explorer and Javacript.
David Faure
david at mandrakesoft.com
Wed Aug 7 09:59:49 BST 2002
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sunday 04 August 2002 23:09, Koos Vriezen wrote:
> On Wed, 5 Jun 2002, Koos Vriezen wrote:
>
> > On Wed, 5 Jun 2002, Harri Porten wrote:
> > Hmmm, just looked at the setitimer manpage. ITIMER_VIRTUAL seems a good
> > option. It doesn't decrement with 'window.alert' alikes. We also get
> > milli seconds resolution. Eg.
> > signal(SIGVTALRM, alarmHandler);
> > struct itimerval tv = { { 2, 0}, { 5, 0 } };
> > setitimer(ITIMER_VIRTUAL, &tv, 0L);
> > Completion comp = m_script->evaluate(code, thisNode);
> > struct itimerval tv2 = { { 0, 0}, { 0, 0 } };
> > setitimer(ITIMER_VIRTUAL, &tv2, 0L);
> >
> > seems to work. (Strange, without a interval value, the signal is not
> > delivered.) However, this wouldn't fix the infinitely case ;)
>
> Still had this small hack in my tree. Didn't see any problems with it,
> so I de-hacked it a little. The attached patch does:
> - prevents JS to hang khtml with scripts like 'while(1);',
> - asks the user if a script should be terminated after it uses more than a
> predefined time (here 5 seconds), and repeats this question after
> another predefined time (here 2 seconds),
Looks good, except that AFAIK "a lot of time" is a bit familiar.
- --
David FAURE, david at mandrakesoft.com, faure at kde.org
http://people.mandrakesoft.com/~david/
Contributing to: http://www.konqueror.org/, http://www.koffice.org/
Back from holidays
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE9UOGF72KcVAmwbhARAsmAAKCCn63gxhaIvQRO5i88Oesu6dgxQwCfR4P/
jD8h1dqE60Kbl9sbxSqE/kI=
=PsAq
-----END PGP SIGNATURE-----
More information about the kfm-devel
mailing list