Interface crashes and OOM with crafted Ajax




4 years ago
3 years ago


(Reporter: wiykellll, Unassigned)


({crash, hang, testcase})

36 Branch

Firefox Tracking Flags

(Not tracked)



(1 attachment)



4 years ago
Created attachment 8578387

User Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:36.0) Gecko/20100101 Firefox/36.0 SeaMonkey/2.33
Build ID: 20150308222504

Steps to reproduce:

1.) Use a blank profile
2.) Place ajax-stack-overflow.html and ajax-stack-overflow-2.html in the same directory. 
3.) Open (CTRL+O or run from command line or File->Open File...) ajax-stack-overflow-2.html in a fresh instance of SeaMonkey or Firefox.
4.) Click the submit button.
5.) Let run until it stops.
6.) Press and hold Enter until the SeaMonkey GUI disappears or Firefox becomes unresponsive.
Holding Enter causes the button to be pressed again, which executes the script again and causes the crash.

Actual results:

Many alert prompts opened up rather quickly. The script stopped. Holding Enter to close all the prompts can cause the process to start all over again and crash the GUI.
The process was still running, and had to be terminated.

Expected results:

I believe alert prompts are meant to stop script execution, preventing more alerts from appearing. I'm not sure how this would be achieved with AJAX.

This is my first time filing a bug report, so I don't know if this is a critical issue or not. I'm opting to err on the side of caution. There are other related issues and more information in report.txt, but I think this is the main issue. I got a Stack Overflow by accident and I haven't been able to reproduce it.

Comment 1

4 years ago
I can reproduce the hanging, but not the crash. Do you have a crash report ID? (about:crashes)
Component: General → Untriaged
Flags: needinfo?(wiykellll)
Product: SeaMonkey → Core
Version: SeaMonkey 2.33 Branch → 36 Branch

Comment 2

4 years ago
about:crashes was empty. I'm guessing that since the process is still open the crash handler doesn't execute?
Flags: needinfo?(wiykellll)
Group: core-security
Ever confirmed: true
Keywords: crash, hang, testcase

Comment 3

3 years ago
I am cleaning up untriaged items. If it is not a proper component, please assist. Thanks.
Component: Untriaged → Event Handling