Closed Bug 1233719 Opened 9 years ago Closed 9 years ago

problem with for block and recursion - possible memory leak with "typeof"

Categories

(Firefox :: Untriaged, defect)

43 Branch
defect
Not set
normal

RESOLVED INVALID

People

(Reporter: colin.saxton, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0
Build ID: 20151208100201

Steps to reproduce:

Was writing a simple recursion routine to step through some JSON using the following code:

            function meml()
            {
                var json = ({
                    item: [
                        {"name":"X","age":50,"title":"Mr"},
                        {"name":"Y","age":47,"title":"Mrs"}
                    ]
                });
                memleak(json);
            }

            function memleak(o)
            {
                // Mistake as reported: the parenthesis wraps the whole comparison
                if(typeof(o == "object"))
                {
                    for(var n in o)
                    {
                        memleak(o[n]);
                    }
                }
            }

If you notice the brace on the typeof test I mistakenly wrapped the whole test...

typeof(o == "object") 

instead of

typeof(o) == "object"

When you run meml() you get the error reported in the results... If you step through it with the debugger, it is not correctly stepping through the control block (for n in o).

If you correct the mistake then all works fine... I think that this is some kind of memory leak and I am sure that if I was to put my mind to it I should be able to exploit the browser security.

Regards.


Actual results:

too much recursion

This is a simple infinite recursion in content JS. We have some protections against JS infinitely recursing, although they aren't bulletproof. It's also possible for content JS to consume memory until the browser crashes. In either case this is not a security exploit. In any case, it's not an issue that we're going to track at this time.
Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → INVALID
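
Why the mistyped check recurses without end, as an added example that is not part of the original report or of Firefox code: `typeof (o == "object")` always yields the non-empty string "boolean", and a one-character string such as "X" indexes to itself indefinitely. The names `walk`, `MAX_DEPTH`, `buggyIsObject` and `fixedIsObject` are hypothetical, and the depth guard is an assumption added so the demo returns instead of throwing "too much recursion".

```javascript
// Added illustration; all names here are hypothetical, the sample mirrors the report's object.
const MAX_DEPTH = 25; // assumed guard so the buggy walk stops instead of exhausting the stack

// The reported check: typeof is applied to the result of a comparison (a boolean).
function buggyIsObject(o) {
    return typeof (o == "object"); // always "boolean", a truthy string
}

// The intended check; null is excluded because typeof null is "object".
function fixedIsObject(o) {
    return typeof o == "object" && o !== null;
}

// Recursive walk that records call count, deepest level, and where the guard first fired.
function walk(value, isObject, path, stats) {
    path = path || [];
    stats = stats || { calls: 0, maxDepth: 0, truncatedAt: null };
    stats.calls++;
    stats.maxDepth = Math.max(stats.maxDepth, path.length);
    if (path.length >= MAX_DEPTH) {
        if (stats.truncatedAt === null) stats.truncatedAt = path.join(".");
        return stats;
    }
    if (isObject(value)) {
        // for-in over the string "X" yields the key "0", and "X"["0"] is "X" again
        for (var key in value) {
            walk(value[key], isObject, path.concat(key), stats);
        }
    }
    return stats;
}

const sample = {
    item: [
        { name: "X", age: 50, title: "Mr" },
        { name: "Y", age: 47, title: "Mrs" }
    ]
};

function demo() {
    return {
        buggy: walk(sample, buggyIsObject), // hits the guard at item.0.name.0.0.0...
        fixed: walk(sample, fixedIsObject)  // visits each value once and stops
    };
}
```
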