Open Bug 1644500 Opened 4 years ago Updated 1 year ago

Web console freezes entire tab when querying large typedarray buffer length

Categories

(DevTools :: Console, defect)

77 Branch
defect

Tracking

(Not tracked)

UNCONFIRMED

People

(Reporter: william.furr, Unassigned)

Details

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36

Steps to reproduce:

  1. Navigate to a site that uses an Emscripten-compiled WebAssembly module, e.g. https://keep.google.com
  2. Open the web console (opt-cmd-k on macOS)
  3. Try to query the allocated WebAssembly heap ArrayBuffer by typing Module.HEAP8.length in the console

Actual results:

The entire tab froze. I can no longer interact with the page or the developer tools other than changing tabs in the developer tools, but the tabs themselves are empty or non-interactable.

Expected results:

The console should have printed the size, e.g. 134217728 (128 MiB).

This works in both Chrome and Safari developer tools.

Bugbug thinks this bug should belong to this component, but please revert this change in case of error.

Component: Untriaged → Console
Product: Firefox → DevTools

Allocating a large TypedArray in the console and then querying it works fine:

> buf = new Uint8Array(1024 * 1024 * 1024)
< Uint8Array(1073741824) [ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, … ]

> buf.length
< 1073741824

However, creating a TypedArray that's a view of a large buffer fails:

> buf = new WebAssembly.Memory({initial: 1024 * 16});  // equivalent to 1024 * 1024 * 1024 bytes above
> view = new Uint8Array(buf.buffer)
> view.length
//  <-- freeze

I've been continuing to test in my console, but after a few freezes the entire browser seems frozen and won't load any pages. I produced a freeze on the new tab page, and now new tabs are just blank and attempting to navigate to another site just makes the tab bar throbber run forever.

WebAssembly.Memory isn't necessary; a large enough ArrayBuffer will do the job just fine.

> buf = new ArrayBuffer(1024 * 1024)
< ArrayBuffer { byteLength: 1048576 }

> buf.length
< undefined
> buf.byteLength
< 1048576
> view = new Uint8Array(buf);
< Uint8Array(1048576) [ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, … ]

> view.length
< 1048576
> view = null
< null
> buf = null
< null
> buf = new ArrayBuffer(1024 * 1024 * 1024)
< ArrayBuffer { byteLength: 1073741824 }

> buf.byteLength
< 1073741824
> view = new Uint8Array(buf)
< Uint8Array(1073741824) [ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, … ]

> view.length  // <-- frozen

The severity field is not set for this bug.
:nchevobbe, could you have a look please?

For more information, please visit auto_nag documentation.

Flags: needinfo?(nchevobbe)
Severity: -- → S4
Flags: needinfo?(nchevobbe)
Flags: needinfo?(zelayainnevada)

Clear a needinfo that is pending on an inactive user.

Inactive users most likely will not respond; if the missing information is essential and cannot be collected another way, the bug maybe should be closed as INCOMPLETE.

For more information, please visit BugBot documentation.

Flags: needinfo?(zelayainnevada)