Closed Bug 1499166 Opened 6 years ago Closed 6 years ago

Uncaught crash in IndexedDB

Categories

(Core :: Storage: IndexedDB, defect)

defect
Not set
normal

Tracking

()

RESOLVED INVALID
Tracking Status
firefox64 --- affected

People

(Reporter: jkratzer, Unassigned)

References

(Blocks 2 open bugs)

Details

(Whiteboard: [fuzzblocker])

Attachments

(2 files)

Attached file testcase.html
The attached testcase appears to crash the tab under m-c rev 4a230b07f0cb; however, no crash information is generated. I've tested this with both asan and debug builds and nothing is returned. Please note that the testcase must be served via a local webserver in order to reproduce.
Attached file fuzzer.js
Whiteboard: [fuzzblocker]
Looks like it's oom-killer:

Oct 15 15:59:29 glenda kernel: JS Helper invoked oom-killer: gfp_mask=0x6280ca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=0
Oct 15 15:59:29 glenda kernel: JS Helper cpuset=/ mems_allowed=0
...
Oct 15 15:59:29 glenda kernel: Out of memory: Kill process 28580 (file:// Content) score 466 or sacrifice child
Oct 15 15:59:29 glenda kernel: Killed process 28580 (file:// Content) total-vm:21710904208kB, anon-rss:8490628kB, file-rss:0kB, shmem-rss:260kB
Oct 15 15:59:29 glenda kernel: oom_reaper: reaped process 28580 (file:// Content), now anon-rss:0kB, file-rss:0kB, shmem-rss:4kB
Group: core-security → dom-core-security
(In reply to Jesse Schwartzentruber (:truber) from comment #2)
> Looks like it's oom-killer:
>
> Oct 15 15:59:29 glenda kernel: JS Helper invoked oom-killer:
> gfp_mask=0x6280ca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), nodemask=(null),
> order=0, oom_score_adj=0
> Oct 15 15:59:29 glenda kernel: JS Helper cpuset=/ mems_allowed=0
> ...
> Oct 15 15:59:29 glenda kernel: Out of memory: Kill process 28580 (file://
> Content) score 466 or sacrifice child
> Oct 15 15:59:29 glenda kernel: Killed process 28580 (file:// Content)
> total-vm:21710904208kB, anon-rss:8490628kB, file-rss:0kB, shmem-rss:260kB
> Oct 15 15:59:29 glenda kernel: oom_reaper: reaped process 28580 (file://
> Content), now anon-rss:0kB, file-rss:0kB, shmem-rss:4kB

Good catch. Appears to be due to the massive images created via ImageData constructor. I'll have to tune these down. Closing.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → INVALID
Group: dom-core-security
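
The diagnosis from comment #2 as a fuzzing-triage check: an added example, not part of this bug or of Mozilla's fuzzing tooling. It scans kernel log text for an OOM kill of the target PID so that a tab that dies without crash information is not filed as a crash; the names `find_oom_kills` and `classify_exit` are hypothetical, and the regexes assume the message format quoted in comment #2.

```python
import re
import signal

# Kernel messages copied from comment #2, plus one constructed unrelated line.
SAMPLE_LOG = """\
Oct 15 15:59:28 glenda kernel: usb 1-1: new high-speed USB device (constructed line)
Oct 15 15:59:29 glenda kernel: JS Helper invoked oom-killer: gfp_mask=0x6280ca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=0
Oct 15 15:59:29 glenda kernel: JS Helper cpuset=/ mems_allowed=0
Oct 15 15:59:29 glenda kernel: Out of memory: Kill process 28580 (file:// Content) score 466 or sacrifice child
Oct 15 15:59:29 glenda kernel: Killed process 28580 (file:// Content) total-vm:21710904208kB, anon-rss:8490628kB, file-rss:0kB, shmem-rss:260kB
Oct 15 15:59:29 glenda kernel: oom_reaper: reaped process 28580 (file:// Content), now anon-rss:0kB, file-rss:0kB, shmem-rss:4kB
"""

# The thread that triggered the OOM killer (not necessarily the victim).
INVOKED = re.compile(r"kernel: (?P<trigger>.+?) invoked oom-killer:")
# The process the kernel actually killed, with its memory footprint.
KILLED = re.compile(
    r"Killed process (?P<pid>\d+) \((?P<name>.*?)\) "
    r"total-vm:(?P<vm>\d+)kB, anon-rss:(?P<rss>\d+)kB"
)

def find_oom_kills(log_text):
    """Return one dict per process the kernel OOM killer terminated."""
    kills, trigger = [], None
    for line in log_text.splitlines():
        m = INVOKED.search(line)
        if m:
            trigger = m["trigger"]
            continue
        m = KILLED.search(line)
        if m:
            kills.append({"pid": int(m["pid"]), "name": m["name"],
                          "total_vm_kb": int(m["vm"]),
                          "anon_rss_kb": int(m["rss"]), "trigger": trigger})
            trigger = None
    return kills

def classify_exit(pid, returncode, log_text):
    """Label a fuzz target that exited without producing a crash report."""
    for kill in find_oom_kills(log_text):
        if kill["pid"] == pid:
            return "oom-kill", kill      # harness/testcase issue, not a crash
    if returncode == -signal.SIGKILL:    # subprocess convention: -N = signal N
        return "sigkill-unexplained", None
    return "needs-investigation", None

if __name__ == "__main__":
    print(classify_exit(28580, -signal.SIGKILL, SAMPLE_LOG))
```

The input can be any syslog-format kernel log text, for example the output of `journalctl -k` captured around the time the target exited.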