In article <199510040204.WAA22162@clark.net>, Ray Cromwell <rjc@clark.net> writes:
This is a bug in your X server, not in netscape. The X server should never crash no matter what you send to it.
That's true, but it is also true that Netscape should also be performing some sanity checking on input rather than relying on the supporting libraries to be secure. Remember, a hole is a hole. The last sendmail bug was a buffer overflow in syslog; however, sendmail still got patched to do bounds checking on the strings it was passing to syslog.
It looks like this is only a bug on BSDI2.0/XAccel, and NT3.5/NS1.1. But is it wise for netscape to be sending 10,000 character strings to GUI functions anyway?
It's absolutely okay for netscape to send long character strings to the X server. In fact, all it's probably doing is putting long character strings into a Motif widget, which then sends them to the X server. This is also totally okay.

--
Sure we spend a lot of money, but that doesn't mean | Tom Weinstein
we *do* anything. -- Washington DC motto            | tomw@engr.sgi.com