Closed Bug 114007 Opened 23 years ago Closed 23 years ago

eats all swap

Categories

(Core :: DOM: Core & HTML, defect)

x86
All
defect
Not set
major

RESOLVED DUPLICATE of bug 13350

People

(Reporter: markus, Assigned: jst)

Details

When clicking the above link, mozilla (2001120621) shows really strange behaviour: 
1. 100% cpu
2. 100% smem/swap, 0% cpu
3. release a great deal of memory
back to 2.

(RH 7.1, Ximian GNOME 1.4 all updates applied)
Build ID: 2001 12 06 03. Windows 2000.

Suggest severity CRITICAL. I can reproduce this. Process size
(as displayed in the "Mem Usage" column in Task Manager => Processes)
oscillates between 50 and 100 MB. No I/O. CPU almost 100%.
This seems to go on forever, so I had to kill Mozilla.
I do see the same problem on W2k buildid 2001120603. Since it's on Linux and
Win2k, shouldn't the OS be changed to ALL?

severity major: to incorrectly execute malicious JavaScript code is not that
severe, but the behaviour might lead to a 'real' bug.
Severity: normal → major
OS: Linux → All
The relevant part of the page:

<form name="form"><input type="text" name="box"><form>

<script language="javascript">
while(true) {
  document.form.box.value=document.form.box.value + '
Status: UNCONFIRMED → NEW
Ever confirmed: true
So it's adding a non-ASCII character that's causing us the problem ... the
character # in question is 167 if that helps.
Reassigning to DOM Level 0. Correct me if I'm wrong, but this has
nothing to do with the particular character that's being appended above,
it's the infinite loop that's the issue:


                 while (true) 
                 {
                   // code with no escape provision
                 }


Therefore I believe this is just a duplicate of bug 13350,
"DOM needs to police JS infinite loops, schedule garbage collection"

For the exact code that Boris referenced above, see this frame:
view-source:http://www.teknix.vwe.net/war/iehang.html
Assignee: rogerl → jst
Component: Javascript Engine → DOM Level 0
QA Contact: pschwartau → amar

*** This bug has been marked as a duplicate of 13350 ***
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE
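
The kind of policing the last comment asks for, shown as an added example that is not part of the bug report or of Mozilla's code: a host runs the quoted loop under a wall-clock budget using Node's `vm` module and interrupts it when the budget is spent. The `box` object standing in for the form field, the `runWithBudget` helper and the 100 ms budget are assumptions made for the illustration.

```javascript
// Added example: host-side watchdog for a script with no escape provision.
const vm = require('node:vm');

// Reduction of the loop quoted in the report. Character 167 is the one
// named in the thread; each pass makes the string one character longer.
const RUNAWAY = `
  while (true) {
    box.value = box.value + String.fromCharCode(167);
  }
`;

// A loop that terminates, to show the watchdog leaves normal code alone.
const BOUNDED = `
  for (let i = 0; i < 1000; i++) {
    box.value = box.value + String.fromCharCode(167);
  }
`;

// Run `source` in a fresh context with a wall-clock budget (milliseconds).
// Reports how the run ended and how long the string had grown by then.
function runWithBudget(source, budgetMs) {
  const box = { value: '' };               // hypothetical stand-in for document.form.box
  const context = vm.createContext({ box });
  const started = Date.now();
  let outcome = 'completed';
  try {
    vm.runInContext(source, context, { timeout: budgetMs });
  } catch (err) {
    // Only swallow the watchdog's own error; anything else is a real failure.
    if (err.code !== 'ERR_SCRIPT_EXECUTION_TIMEOUT') throw err;
    outcome = 'interrupted';
  }
  return { outcome, length: box.value.length, elapsedMs: Date.now() - started };
}

console.log('bounded:', runWithBudget(BOUNDED, 100));
console.log('runaway:', runWithBudget(RUNAWAY, 100));
```

The budget bounds CPU time only. The memory growth seen in the report needs its own limit, for example running the script in a separate process or in a `worker_threads` Worker with `resourceLimits`.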