Open Bug 1143973 Opened 9 years ago Updated 2 years ago

Interface crashes and OOM with crafted Ajax

Categories

(Core :: DOM: UI Events & Focus Handling, defect)

36 Branch
x86
Linux
defect

People

(Reporter: wiykellll, Unassigned)

Details

(Keywords: crash, hang, testcase)

Attachments

(1 file)

User Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:36.0) Gecko/20100101 Firefox/36.0 SeaMonkey/2.33
Build ID: 20150308222504

Steps to reproduce:

1.) Use a blank profile
2.) Place ajax-stack-overflow.html and ajax-stack-overflow-2.html in the same directory.
3.) Open (Ctrl+O, or run from the command line, or File->Open File...) ajax-stack-overflow-2.html in a fresh instance of SeaMonkey or Firefox.
4.) Click the submit button.
5.) Let it run until it stops.
6.) Press and hold Enter until the SeaMonkey GUI disappears or Firefox becomes unresponsive.
Holding Enter in causes the button to be pressed again, which executes the script again and causes the crash.


Actual results:

Many alert prompts opened up rather quickly. The script stopped. Holding in Enter to close all the prompts can cause the process to start all over again, and crash the GUI.
The process was still running, and had to be terminated.


Expected results:

I believe alert prompts are meant to stop script execution, preventing more alerts from appearing. I'm not sure how this would be achieved with AJAX.

This is my first time filing a bug report, so I don't know if this is a critical issue or not. I'm opting to err on the side of caution. There are other related issues and more information in report.txt, but I think this is the main issue. I got a Stack Overflow by accident and I haven't been able to reproduce it.

I can reproduce the hanging, but not the crash. Do you have a crash report ID? ( about:crashes )

Component: General → Untriaged
Flags: needinfo?(wiykellll)
Product: SeaMonkey → Core
Version: SeaMonkey 2.33 Branch → 36 Branch

about:crashes was empty. I'm guessing that since the process is still open the crash handler doesn't execute?

Flags: needinfo?(wiykellll)
Group: core-security
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: crash, hang, testcase

I am cleaning up untriaged items. If it is not a proper component, please assist. Thanks

Component: Untriaged → Event Handling
Component: Event Handling → User events and focus handling
Severity: normal → S3