Closed Bug 241982 Opened 21 years ago Closed 20 years ago

Memory usage rises continuous with this html code

Categories

(Core :: DOM: HTML Parser, defect)

Product:
Core
Component:
DOM: HTML Parser
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: sven, Assigned: mrbkap)

References

(
URL
)

Details

(Keywords: crash, hang, Whiteboard: [sg:dos])

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6) Gecko/20040206 Firefox/0.8 When I visit a site with this html-code (http://www.kuhnerts.com/sven/test.html) the memory usage rises continuos and the CPU usage oscillates between 50% and 100%! I tested this with firefox 0.8 and mozilla 1.6 on linux and windows on different PCs. The stylesheet link in this .html file doesn`t exist on this server but the error doesn`t occur without this link. Reproducible: Always Steps to Reproduce: 1. open the browser 2. visit http://www.kuhnerts.com/sven/test.html 3. watch memory/cpu usage Actual Results: the memory usage rises continuos and the CPU usage oscillates between 50% and 100% Expected Results: show the site without rising memory ;) This bug meight be used to perform an DoS attack or to write your own code in the memory (not tested yet)!
Confirming. I don't see the high CPU usage (some, but low 10-30%) but the memory usage goes crazy and will eventually kill your OS. On windows the memory used is NOT counted against the mozilla process in the task manager, but it does come back when the mozilla process is killed. In a debug build I get an endless string of WARNING: NS_ENSURE_TRUE(aParser) failed, file c:/dev/mozscape/mozilla/htmlparser/src/nsDTDUtils.cpp, line 1569 In case the test page goes away I'm pasting it here. I don't think the referenced stylesheet exists, and note the <head> inside/after <body> and that <body> isn't closed. Who works on the parser these days? Would be nice to have a fix. <html> <body> <table> <head> <link rel="stylesheet" type="text/css" href="stylesheet/style.css"> <title>Advice</title> </head> <p> <h1>Congratulations you see just an Error in Mozilla<br>Check CPU usage and Memory allocation</h1> </p> </html>
Assignee: parser → jst
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: blocking1.8a2?
Keywords: crash, hang
Whiteboard: [sg:dos]
I doubt anyone really works on parser nowadays, really. In any case, I suspect that the right fix is to fix bug 84582
Depends on: 84582
Flags: blocking1.8a2?
clearing confidential flag, not usually used for crashes or DOS bugs.
Group: security
Taking, since I'm working on the parser.
Assignee: jst → mrbkap
Marking this as FIXED (neither dveditz, jst, nor I can reproduce this bug anymore). I believe the checkin for bug 220542 fixed this.
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.