RE: Large table causes system meltdown - GDI resource runs out

To avoid lots of obsolete information, I'm documenting this problem from
scratch in this one place.

Symptoms: Amaya 8.8.4 on Windows 98 has garbled displays, the most likely
results being:
 - Scrolling icons (up, down, left, right arrows) become digits.
 - Images do not display (.gif) or are replaced by a greyscale 'picture'
icon (.jpg).
 - Displayed fonts change in size, boldness, etc.
 - Assorted system error messages: 'unable to start task', etc.

Cause: GDI (Graphical Display Interface) system resources are constantly
consumed as Amaya displays images (<img> element).  When these resources are
exhausted, all attempts to write to the display give unpredictable results.

To reproduce and observe:

Close all running applications.

Start the Windows Resource Meter
Start
  Programs
    Accessories
      System tools
        Resource meter
          OK
Click on the green-bar icon in the taskbar.  A three-line bar graph window
will appear.  On the third line are 'GDI resources'.  (Additional info on
the resource meter is at http://support.microsoft.com/kb/300059/en-us)

Open Amaya.
File
  Open document
    Enter the URL
http://pages.prodigy.net/chris_beall/Amaya/Manyimagecrash.html
      [performance alternative: copy the html page and the 'back.gif' image
it uses to a local drive and refer to that location]
    Confirm

Reduce the vertical height of the Amaya window (formatted view) by raising
the bottom of the window just above the bottom of the TEXT in the window.  A
vertical scroll bar will appear.  This will later allow you to detect
corruption of the arrows at the ends of this scroll bar.

Reposition the Amaya and Resource Meter windows so that both are visible at
the same time.

Note the value of the 'GDI resources' line on the Resource Meter.  With no
other tasks running, it should be high (70-90%).

Click the Reload icon in Amaya.  After a few seconds the Resource Meter will
show updated values.  Note that the % of available GDI resource has
decreased [in my system by about 4-5%].

Repeat clicking the Reload icon in Amaya.  Note that with each reload (which
fetches 60 copies of a .gif image) the available GDI resource declines
further.

When the GDI Resources drop below 10%, a popup window will appear, alerting
you to the fact that things are getting tight (This apparently happens ONLY
if the Resource Meter is running...).  Acknowledge the popup.

When the GDI resources drop to zero, or perhaps one Reload cycle later, note
that the scroll arrows in the Amaya window have changed to digits.  Scroll
down in that window and note that the images are no longer displayed.  The
text may have changed appearance.

Reload the page again.  Things will get worse.  Try to start other tasks on
the system and note that they either will not start or show evidence of
display corruption.

Close Amaya.  Note that the GDI Resources return to a value near the one you
started with.

Reboot the system to clean things up.

What is happening here?  There are two bugs:
  1. Amaya is acquiring GDI resources and not releasing them.  This seems to
occur any time it processes an image (and perhaps as it does other things as
well).
  2. Windows 98 does not protect itself from exhaustion of GDI resources IF
THE IMAGE BEING DISPLAYED IS A .GIF.  If the same test case is run using
.jpg images, the GDI Resource still declines, but when it drops below 5%
Windows stops displaying the .jpg and in its place displays a greyscale
generic image with the word 'picture' in it.  Subsequent attempts to display
a .jpg result only in display of this icon and no further depletion of GDI
Resource.  [Display of .gif files at this point, however, will still take
you over the cliff.]

Miscellaneous notes:
 - I have reproduced this problem on two hardware systems with significantly
different displays, video cards, and drivers.  The failure occurred after 20
refreshes, plus or minus 1, on both systems.
 - Running the same test case using Netscape 7.1, Opera 8.52, and IE 6,
shows NO depletion of GDI resources at any time.  Clearly Amaya is dealing
with the GDI in an unusual manner.
 - David Woolley has suggested to me that this may constitute an exploitable
buffer overrun situation: a security concern.  Although it is not at all
clear that this situation could be exploited in the sense of 'gaining
control' of a user's system, it is abundantly clear that it could be used to
cripple that system and force a reboot.  All that would be required is a
single web page containing about 1200 .gif images.  Fetching this page with
Amaya would consume all GDI resource on the system, rendering it mush.
 - Amaya is not alone in encountering this problem.  Microsoft has done it
to themselves in the past (see http://support.microsoft.com/kb/193365/en-us)
 - If all of the foregoing is not sufficient to identify the problem within
Amaya, the page at
http://msdn.microsoft.com/msdnmag/issues/01/03/leaks/default.aspx may be
helpful.  I found the part about the use of MFC (acronym never expanded) to
be most interesting, but it was not clear if it was applicable to a 'C' code
environment.

Chris Beall

Received on Monday, 27 February 2006 20:40:44 UTC
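
The leak pattern described as bug 1 above, modelled as an added example (not Amaya's code and not part of the original message). It is a portable C simulation: `gdi_alloc` and `gdi_free` are hypothetical stand-ins for creating and deleting a GDI object, and the pool size of 1200 is an assumption chosen to match the roughly 20 reloads of 60 images reported in the message.

```c
#include <stdio.h>

#define POOL_SIZE       1200  /* modelled system-wide handle pool (assumption) */
#define IMAGES_PER_PAGE 60    /* the test page uses 60 copies of one .gif */

static int pool_used;         /* handles currently held across the system */

/* Hypothetical stand-ins for creating and deleting a GDI object. */
static int  gdi_alloc(void) { if (pool_used >= POOL_SIZE) return 0; pool_used++; return 1; }
static void gdi_free(int h) { if (h) pool_used--; }

struct page { int handle[IMAGES_PER_PAGE]; };

/* Allocate one handle per image; returns how many images could not be drawn. */
static int render(struct page *p) {
    int failed = 0;
    for (int i = 0; i < IMAGES_PER_PAGE; i++)
        if (!(p->handle[i] = gdi_alloc())) failed++;
    return failed;
}

/* Bug pattern: reload overwrites the old handles without releasing them. */
static int reload_leaky(struct page *p) { return render(p); }

/* Fix: release what the previous render held before allocating again. */
static int reload_fixed(struct page *p) {
    for (int i = 0; i < IMAGES_PER_PAGE; i++) {
        gdi_free(p->handle[i]);
        p->handle[i] = 0;
    }
    return render(p);
}

/* Returns the first load (1-based) on which an image fails, or 0 if none. */
static int first_failing_load(int (*reload)(struct page *), int max_loads) {
    struct page p = {{0}};
    pool_used = 0;
    for (int n = 1; n <= max_loads; n++)
        if (reload(&p) > 0) return n;
    return 0;
}

int main(void) {
    printf("leaky: first failing load = %d\n", first_failing_load(reload_leaky, 100));
    printf("fixed: first failing load = %d\n", first_failing_load(reload_fixed, 100));
    return 0;
}
```

In the leaky variant the pool is also empty for every other process until the owner exits, which is the system-wide effect the message describes; the fixed variant holds a constant 60 handles no matter how many reloads occur.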