1450458 - Canvas DOS through recursive use of drawImageData / getImageData

Status: RESOLVED INACTIVE

(Core :: Graphics: Canvas2D, defect, P3)

Description

[Alex Farrant]

Attachment: canvasDOS.html

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/604.4.7 (KHTML, like Gecko) Version/11.0.2 Safari/604.4.7

Steps to reproduce:

Use the HTML5 canvas functions for drawImageData and getImageData badly in a recursive loop.


Actual results:

On Linux a denial of service occurred with memory usage climbing at a rate of >1GB/s until the computer became completely unresponsive and required a power cycle. The 'page is running slow..' dialog never activated. 

On Mac the effect was not as dramatic and the 'page is running slow' dialog appeared as expected and the browser could be closed.

Windows has not been tested.


Expected results:

A slow running script should trigger the warning dialog and allow the option to be closed.

Comment 1

[Jeff Muizelaar [:jrmuizel]]

I don't think the impact here is any different than if a page made a bunch of large typed arrays. Is the experience different for you with canvas than that situation?

Comment 2

[BugBot [:suhaib / :marco/ :calixte]]

Redirect a needinfo that is pending on an inactive user to the triage owner.
:lsalzman, since the bug has high severity, could you have a look please?

For more information, please visit auto_nag documentation.