Web console freezes entire tab when querying large typedarray buffer length
Categories
(DevTools :: Console, defect)
Tracking
(Not tracked)
People
(Reporter: william.furr, Unassigned)
Details
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36
Steps to reproduce:
- Navigate to a site that uses an Emscripten-compiled WebAssembly module, e.g. https://keep.google.com
- Open the web console (opt-cmd-k on macOS)
- Try to query the allocated WebAssembly heap ArrayBuffer by typing
Module.HEAP8.length
in the console
Actual results:
The entire tab froze. I can no longer interact with the page or the developer tools other than changing tabs in the developer tools, but the tabs themselves are empty or non-interactable.
Expected results:
The console should have printed the size, e.g. 134217728 (128 MiB).
This works in both Chrome and Safari developer tools.
Comment 1•4 years ago
|
||
Bugbug thinks this bug should belong to this component, but please revert this change in case of error.
Reporter | ||
Comment 2•4 years ago
|
||
Allocating a large TypedArray in the console and then querying it works fine:
> buf = new Uint8Array(1024 * 1024 * 1024)
< Uint8Array(1073741824) [ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, … ]
> buf.length
< 1073741824
However creating a TypedArray that's a view of a large buffer fails:
> buf = new WebAssembly.Memory({initial: 1024 * 16}); // equivalent to 1024 * 1024 * 1024 bytes above
> view = new Uint8Array(buf.buffer)
> view.length
// <-- freeze
I've been continuing to test in my console, but after a few freezes the entire browser seems frozen and won't load any pages. I produced a freeze on the new tab page, and now new tabs are just blank and attempting to navigate to another site just makes the tab bar throbber run forever.
Reporter | ||
Comment 3•4 years ago
|
||
WebAssembly.Memory isn't necessary, a large enough ArrayBuffer will do the job just fine.
> buf = new ArrayBuffer(1024 * 1024)
< ArrayBuffer { byteLength: 1048576 }
> buf.length
< undefined
> buf.byteLength
< 1048576
> view = new Uint8Array(buf);
< Uint8Array(1048576) [ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, … ]
> view.length
< 1048576
> view = null
< null
> buf = null
< null
> buf = new ArrayBuffer(1024 * 1024 * 1024)
< ArrayBuffer { byteLength: 1073741824 }
> buf.byteLength
< 1073741824
> view = new Uint8Array(buf)
< Uint8Array(1073741824) [ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, … ]
view.length // <-- frozzen
Comment 4•4 years ago
|
||
The severity field is not set for this bug.
:nchevobbe, could you have a look please?
For more information, please visit auto_nag documentation.
Updated•4 years ago
|
Updated•2 years ago
|
Comment 5•1 year ago
|
||
Clear a needinfo that is pending on an inactive user.
Inactive users most likely will not respond; if the missing information is essential and cannot be collected another way, the bug maybe should be closed as INCOMPLETE
.
For more information, please visit BugBot documentation.
Description
•