Microsoft Windows Vista Community Forums - Vistaheads
Recommended Download



Welcome to the Microsoft Windows Vista Community Forums - Vistaheads, YOUR Largest Resource for Windows Vista related information.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so , join our community today!

If you have any problems with the registration process or your account login, please contact us.

Driver Scanner

IE Reproducible Memory Issue: Corruption of Arrays Passed ToFunctions

microsoft.public.internetexplorer.general






Speedup My PC
Reply
  #1 (permalink)  
Old 07-31-2009
Lolly Ink
 

Posts: n/a
IE Reproducible Memory Issue: Corruption of Arrays Passed ToFunctions
Running the code below results in corruption of array memory. Tests
have resulted in corruption after anywhere between 50,000 and 150,000
calls to the passArray function. Calling passArray with 1 array
argument results in corruption too, but takes longer to reproduce than
if passing 100 array arguments.

<html>
<style>
table, th, td
{
border: 1px solid black;
padding: 5px;
}

table
{
width: 100%;
}

th, td
{
width: 50%;
}
</style>
<script>
var _attempts = 0;
var _corrupt = false;
var __x = [];

function testArray()
{
doPassArray();
document.getElementById("spanAttempts").innerHTML = ++_attempts;
if (_corrupt)
{
document.getElementById("tdResultCorrupt").innerHT ML =
__x.join("<br>");
__x = [];
doPassArray();
document.getElementById("tdResultNext").innerHTML = __x.join
("<br>");
}
else
{
if ((_attempts % 1000) == 0)
{
window.setTimeout("testArray()", 0);
}
else
{
testArray();
}
}
}

function doPassArray()
{
passArray(
["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
["aa", "bb"],
["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
["aa", "bb"],
["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
["aa", "bb"],
["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
["aa", "bb"],
["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
["aa", "bb"],
["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
["aa", "bb"],
["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
["aa", "bb"],
["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
["aa", "bb"],
["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
["aa", "bb"],
["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
["aa", "bb"]);
}

function passArray()
{
for (var indexArgument = 0; (indexArgument < arguments.length)
&& !_corrupt; indexArgument++)
{
for (var index = 0; index < arguments[indexArgument].length;
index++)
{
if (arguments[indexArgument][index] == undefined)
{
_corrupt = true;
break;
}
}
}
if (_corrupt)
{
for (var indexArgument = 0; indexArgument < arguments.length;
indexArgument++)
{
__x.push("argument " + indexArgument);
for (var item in arguments[indexArgument])
{
__x.push(item + ": " + arguments[indexArgument][item]);
}
__x.push("");
}
}
}
</script>
<body onload="testArray()">
Internet Explorer - Array Corruption Attempts ... <span
id="spanAttempts"></span><br>
<table>
<tr>
<th>Corrupt</th>
<th>Next (Back To Normal?)</th>
</tr>
<tr>
<td id="tdResultCorrupt">&nbsp;</td>
<td id="tdResultNext">&nbsp;</td>
</tr>
</table>
</body>
</html>
Reply With Quote
Sponsored Links
  #2 (permalink)  
Old 07-31-2009
PA Bear [MS MVP]
 

Posts: n/a
Re: IE Reproducible Memory Issue: Corruption of Arrays Passed To Functions
IE Developer Center
http://msdn.microsoft.com/en-us/ie/default.aspx

Learn IE8
http://msdn.microsoft.com/en-us/ie/aa740473.aspx

Or you could post here instead:

MSDN IE Development Forums
http://social.msdn.microsoft.com/for...iedevelopment/


Lolly Ink wrote:
> Running the code below results in corruption of array memory. Tests
> have resulted in corruption after anywhere between 50,000 and 150,000
> calls to the passArray function. Calling passArray with 1 array
> argument results in corruption too, but takes longer to reproduce than
> if passing 100 array arguments.
>
> <html>
> <style>
> table, th, td
> {
> border: 1px solid black;
> padding: 5px;
> }
>
> table
> {
> width: 100%;
> }
>
> th, td
> {
> width: 50%;
> }
> </style>
> <script>
> var _attempts = 0;
> var _corrupt = false;
> var __x = [];
>
> function testArray()
> {
> doPassArray();
> document.getElementById("spanAttempts").innerHTML = ++_attempts;
> if (_corrupt)
> {
> document.getElementById("tdResultCorrupt").innerHT ML =
> __x.join("<br>");
> __x = [];
> doPassArray();
> document.getElementById("tdResultNext").innerHTML = __x.join
> ("<br>");
> }
> else
> {
> if ((_attempts % 1000) == 0)
> {
> window.setTimeout("testArray()", 0);
> }
> else
> {
> testArray();
> }
> }
> }
>
> function doPassArray()
> {
> passArray(
> ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
> ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
> ["aa", "bb"],
> ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
> ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
> ["aa", "bb"],
> ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
> ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
> ["aa", "bb"],
> ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
> ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
> ["aa", "bb"],
> ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
> ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
> ["aa", "bb"],
> ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
> ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
> ["aa", "bb"],
> ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
> ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
> ["aa", "bb"],
> ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
> ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
> ["aa", "bb"],
> ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
> ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
> ["aa", "bb"],
> ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
> ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
> ["aa", "bb"]);
> }
>
> function passArray()
> {
> for (var indexArgument = 0; (indexArgument < arguments.length)
> && !_corrupt; indexArgument++)
> {
> for (var index = 0; index < arguments[indexArgument].length;
> index++)
> {
> if (arguments[indexArgument][index] == undefined)
> {
> _corrupt = true;
> break;
> }
> }
> }
> if (_corrupt)
> {
> for (var indexArgument = 0; indexArgument < arguments.length;
> indexArgument++)
> {
> __x.push("argument " + indexArgument);
> for (var item in arguments[indexArgument])
> {
> __x.push(item + ": " + arguments[indexArgument][item]);
> }
> __x.push("");
> }
> }
> }
> </script>
> <body onload="testArray()">
> Internet Explorer - Array Corruption Attempts ... <span
> id="spanAttempts"></span><br>
> <table>
> <tr>
> <th>Corrupt</th>
> <th>Next (Back To Normal?)</th>
> </tr>
> <tr>
> <td id="tdResultCorrupt">&nbsp;</td>
> <td id="tdResultNext">&nbsp;</td>
> </tr>
> </table>
> </body>
> </html>

Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Firefox Memory Corruption Vulnerability Paul Security News 0 07-15-2009 11:30
Firefox Memory Corruption Vulnerability Paul Security News 0 07-14-2009 15:50
Firefox Memory Corruption Vulnerability Paul Security News 0 07-14-2009 15:10
Security World: Video - memory corruption and buffer overflows Steve Security News 0 10-26-2008 23:40
Outlook Express and Windows Mail NNTP Memory Corruption Vulnerability Leythos microsoft.public.windows.vista.general 3 10-10-2007 19:02




All times are GMT +1. The time now is 21:03.




Driver Scanner - Free Scan Now

Vistaheads.com is part of the Heads Network. See also XPHeads.com , Win7Heads.com and Win8Heads.com.


Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.7
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.6.0 RC 2

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120