Closed Bug 1328542 Opened 8 years ago Closed 7 years ago

Crash [@ OOM | small ] with mozilla::dom::HTMLImageElement involved

Categories

(Web Compatibility :: Site Reports, defect)

Product:
Web Compatibility
Component:
Site Reports
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(firefox51- affected, firefox52- wontfix, firefox53- affected)

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
firefox51 - affected
firefox52 - wontfix
firefox53 - affected

People

(Reporter: cbook, Unassigned)

References

(
URL
)

Details

(Keywords: crash, Whiteboard: [contactready])

Found via bughunter and reproduced with tinderbox windows opt beta build. Opt Builds crash very fast (within 30 seconds) debug builds take way longer Steps to reproduce: -> Load http://www.lcvs.kh.edu.tw/site/adm-night/department.html ---> Crash after a few seconds Crash-id https://crash-stats.mozilla.com/report/index/281b431c-4b4b-4d89-bce5-51afd2170104 - beta opt https://crash-stats.mozilla.com/report/index/6a601749-9bbd-40cc-b8e1-c02c62170104 - nightly opt
[Tracking Requested - why for this release]: bughunter found affects opt builds, edgar could you take a look , not sure if this is the right component. thanks!
status-firefox51: --- → affected
status-firefox52: --- → affected
status-firefox53: --- → affected
tracking-firefox51: --- → ?
tracking-firefox52: --- → ?
tracking-firefox53: --- → ?
Flags: needinfo?(echen)
Page is doing a "new Image" call. Having that crash on OOM is not unreasonable. Tried the page in Chrome: it pegs the CPU in the content process, and memory usage is growing, but slowly...
(In reply to Boris Zbarsky [:bz] (still a bit busy) from comment #3) > Page is doing a "new Image" call. Having that crash on OOM is not > unreasonable. > > Tried the page in Chrome: it pegs the CPU in the content process, and memory > usage is growing, but slowly... Same in Edge. I look at the page source [1], it runs into an infinite loop and calls "new Image" repeatedly. ====== <head> ... <script> ... function FP_preloadImgs() {//v1.0 var d=document,a=arguments; if(!d.FP_imgs) d.FP_imgs=new Array(); for(var i=0; i<a.length; i ) { d.FP_imgs[i]=new Image; d.FP_imgs[i].src=a[i]; } } ... </script> </head> <body onload="FP_preloadImgs(/*url*/'images/button6.jpg',/*url*/'images/button5.jpg')"> .... </body> [1] view-source:http://www.lcvs.kh.edu.tw/site/adm-night/department.html
OK, in that case an OOM crash is pretty much expected, seems like.
Seems this is a broken script allocating memory in an infinite loop, doesn't seem worth tracking.
Flags: needinfo?(echen)
Component: DOM: Core & HTML → Desktop
Product: Core → Tech Evangelism
Setting this to needsdiagnosis for now. Sounds like it's happening to some extent in all browsers, so maybe not a high priority for webcompat?
Whiteboard: [needsdiagnosis]
(In reply to Adam Stevenson [:adamopenweb] from comment #7) > Setting this to needsdiagnosis for now. Sounds like it's happening to some > extent in all browsers, so maybe not a high priority for webcompat? I think so.
Whiteboard: [needsdiagnosis] → [needscontact]
To add to Edgar's comment #4: function FP_preloadImgs() {//v1.0 var d=document,a=arguments; if(!d.FP_imgs) d.FP_imgs=new Array(); for(var i=0; i<a.length; i ) { d.FP_imgs[i]=new Image; d.FP_imgs[i].src=a[i]; } } Note that they're never incrementing i in that loop, so it never stops. To fix this they need to do: ... for(var i=0; i<a.length; i++) ... (not the plusses there)
* (note the plusses there)
I send a mail to 4 staffs in the computer center who are the website owners. School's mail server seems not work, two mail delivery fail. But one uses gmail and the other one uses yahoo looks good. I also remind them about the infinite loops in different functions, not only in FP_preloadImgs(), but it's the first root cause of this bug. Set whiteboard to contactready.
Whiteboard: [needscontact] → [contactready]
Too late for firefox 52, mass-wontfix.
status-firefox52: affectedwontfix
I can see that they fixed their infinite loop. Cool.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Product: Tech Evangelism → Web Compatibility
You need to log in before you can comment on or make changes to this bug.