Closed Bug 114007 Opened 18 years ago Closed 18 years ago

eats all swap

Categories

(Core :: DOM: Core & HTML, defect, major)

x86
All
defect
Not set
major

Tracking

()

RESOLVED DUPLICATE of bug 13350

People

(Reporter: markus, Assigned: jst)

References

()

Details

When clicking the above link, mozilla (2001120621) shows really strange behaviour: 
1. 100% cpu
2. 100% smem/swap, 0% cpu
3. release a great deal of memory
back to 2.

(RH 7.1, Ximian GNOME 1.4 all updates applied)
Build ID: 2001 12 06 03. Windows 2000.

Suggest severity CRITICAL. I can reproduce this. Process size
(as displayed in the "Mem Usage" column in Task Manager => Processes)
oscillates between 50 and 100 MB. No I/O. CPU almost 100%.
This seems to go on forever, so I had to kill Mozilla.
I do see the same problem on W2k buildid 2001120603. Since It's on linux and
win2k shouldn't the OS be changed to ALL ?
severity major: to incorrectly execute malicious javascript code is not that
severe, but the behaviour might lead to 'real' bug.
Severity: normal → major
OS: Linux → All
The relevant part of the page:

<form name="form"><input type="text" name="box"><form>

<script language="javascript">
while(true) {
  document.form.box.value=document.form.box.value + '
Status: UNCONFIRMED → NEW
Ever confirmed: true
So it's adding a non-ASCII character that's causing us the problem ... the
character # in question is 167 if that helps.
Reassigning to DOM Level 0. Correct me if I'm wrong, but this has
nothing to do with the particular character that's being appended above,
it's the infinite loop that's the issue:


                 while (true) 
                 {
                   // code with no escape provision
                 }


Therefore I believe this is just a duplicate of bug 13350,
"DOM needs to police JS infinite loops, schedule garbage collection"

For the exact code that Boris referenced above, see this frame:
view-source:http://www.teknix.vwe.net/war/iehang.html
Assignee: rogerl → jst
Component: Javascript Engine → DOM Level 0
QA Contact: pschwartau → amar

*** This bug has been marked as a duplicate of 13350 ***
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.