Flash Ad Freeze-up WTF



  • I'd love to see the source code of the Flash ad for "TV Land's High School Reunion" that's running at this moment on http://tvlistings.zap2it.com/. Alas, by the time most people here see the page, it will probably be replaced by a different one, so here's a direct link to one of the ads in question assuming the SWF is still up later today (warning, potential Flash freeze-up).

    When I accessed the site shortly after midnight EST on Wednesday (GMT-0500), this ad literally froze up my browser.

    So I set my clock to CST (GMT-0600) and loaded the page. Now that the system clock claimed it was a bit past 11:00 on Tuesday, the ad loaded properly.

    Then I set the clock back to EST again and reloaded. Frozen again.

    Apparently, the ad uses some sort of ActionScript to determine whether to display "tonight" or "tomorrow" in its text. Except, apparently, they forgot to add the logic for "tonight" in the actual ad, thus leading to an infinite loop if the ad displayed on the day the show aired (i.e., Wednesday). And then they failed to realize that the ad would actually [i]run[/i] on Wednesday morning in some time zones. ::headdesk:: Nice job breaking it, ad guys...

    (And yes, I did promptly add Zap2it's ad server to Adblock.)



  • Oh, and to be fair, Flash did pop up the box it usually pops up when it catches a script in an infinite loop.

    The problem? Variations on this ad appeared about five or six times on the page. So, once I clicked the button to abort the first script, the next ad would start loading...



  • The realwtf is that flash defaults to a 15 sec timeout when 1 sec is 30 times more than neciserialy.



  • @henke37 said:

    The realwtf is that flash defaults to a 15 sec timeout when 1 sec is 30 times more than neciserialy.
     

    More things than infinite loops can cause freezes or pauses. Some are even (somewhat) legit.

    15 secs is a decent time. Perhaps 10. But a single second isn't "30 times" the amount you'll need to determine script freeze.



  • @codeman38 said:

    So I set my clock to CST (GMT-0600) and loaded the page. Now that the system clock claimed it was a bit past 11:00 on Tuesday, the ad loaded properly.
    How did you know what was the problem? Is that something you try each time a flash misbehaves? :P



  • //First frame

    [snip]
    if (myMonth >= 2 && myDate >= 12 || myMonth > 2)
    {
    gotoAndStop(2);
    }
    if (myMonth >= 2 && myDate >= 17 || myMonth > 2)
    {
    gotoAndStop(2);
    }
    if (myMonth >= 2 && myDate >= 18 || myMonth > 2)
    {
    gotoAndStop(3);
    }

    //Second frame

    [snip]
    if (myMonth >= 2 && myDate >= 18 || myMonth > 2)
    {
    gotoAndStop(2);
    } // end if
    if (myMonth >= 2 && myDate >= 18 || myMonth > 2)
    {
    gotoAndStop(3);
    }

    //Third frame
    stop ();


  • @hvm said:

    How did you know what was the problem?

    Once I managed to get all the Flash ads on the page unfrozen, I noticed that the ad was wildly flashing between "tonight", "Wednesday" and "next Wednesday". That was a hint that it had something to do with date-parsing logic.



  • @spamcourt said:

    //Second frame

    [snip]
    if (myMonth >= 2 && myDate >= 18 || myMonth > 2)
    {
    gotoAndStop(2);
    }

    Niiiice. It gets stuck on frame 2 whenever it's the 18th.



  • @spamcourt said:

    if (myMonth >= 2 && myDate >= 12 || myMonth > 2)
    {
    gotoAndStop(2);
    }
    . . .
    Mind if I ask what tool you used to decompile/extract that?



  • This is precisely why ad blockers were invented. Some might say not wanting your browser raped by shitty code makes you a thief. I like to point them to pages like these.



  • @DaveK said:

    Mind if I ask what tool you used to decompile/extract that?

    I don't know for sure, but probably Sothink's SWFDecompiler. I picked up a demo when I was missing some .fla files, only problem is the demo doesn't output code (it's $79 for that privilege), but it seems to do what it does well.



  • Please keep in mind that Flash does not run scripts while drawing, it does one of the tasks at a time. And if it's going to fool the human eye, it has to draw a new frame at least 24 times each sec. Most people stick with a framerate of 30, meaning that each framescript has 1/30 sec -drawing time to execute. A one sec timeout is more than needed to catch scripts that are misbehaving, they where misbehaving when they took more than their allocated time and they sure as hell are misbehaving when you can't even get one frame rendered each sec. A 15 sec timeout is just too much.



  • @lolwtf said:

    This is precisely why ad blockers were invented. Some might say not wanting your browser raped by shitty code makes you a thief. I like to point them to pages like these.

    I thought this was why NoScript was written.  It's certainly why I run NoScript.

    Yes, ads have a bad reputation for this type of behavior, but there's also websites that do this sort of crap for their main pages.

    Morbius will certainly claim I have poor reasoning capability, but I greatly prefer to avoid running code in languages which are known for having some of the dodgiest code around.  Requiring a modicum of competency to get a script working enough to even attempt to deploy it may be a poor way to weed out the worst coders, but it works better than denying code purely randomly.  (Sigh.  But not much better.)



  • @tgape said:

    I greatly prefer to avoid running code in languages which are known for having some of the dodgiest code around.

    I have a slightly different approach: I don't go to dodgy internet sites. The vast majority of my web browsing happens on well-known, highly-trafficked sites which run nice, clean, well-written code. This is largely because of the enormous probability that after dodgy code is placed there, a few million people will go to that web site before I do, and the reliable professional administrators of that site will almost certainly have it fixed by the time I show up.



  • @CDarklock said:

    @tgape said:

    I greatly prefer to avoid running code in languages which are known for having some of the dodgiest code around.

    I have a slightly different approach: I don't go to dodgy internet sites. The vast majority of my web browsing happens on well-known, highly-trafficked sites which run nice, clean, well-written code. This is largely because of the enormous probability that after dodgy code is placed there, a few million people will go to that web site before I do, and the reliable professional administrators of that site will almost certainly have it fixed by the time I show up.

    Oh.  You're on that internet, the other one.  Well, good advice for there I suppose, but not really relevant to the rest of us!



  • @DaveK said:

    @CDarklock said:

    @tgape said:

    I greatly prefer to avoid running code in languages which are known for having some of the dodgiest code around.

    I have a slightly different approach: I don't go to dodgy internet sites. The vast majority of my web browsing happens on well-known, highly-trafficked sites which run nice, clean, well-written code. This is largely because of the enormous probability that after dodgy code is placed there, a few million people will go to that web site before I do, and the reliable professional administrators of that site will almost certainly have it fixed by the time I show up.

    Oh.  You're on that internet, the other one.  Well, good advice for there I suppose, but not really relevant to the rest of us!

    Yeah.  That internet has no porn.  Why would anyone go to an internet with no porn?


  • @belgariontheking said:

    Yeah.  That internet has no porn.  Why would anyone go to an internet with no porn?
     

    An internet without porn may very well be an internet without glassass.


Log in to reply