Session Restore crashes the tab if there is too much content in a textbox; Crash in [@ mozilla::ipc::MessageChannel::Send | mozilla::ipc::MessageChannel::Send | mozilla::ipc::IProtocol::ChannelSend | IPC_Message_Name=PWindowGlobal::Msg_UpdateSessionStore]
Categories: Firefox :: Session Restore, defect
People: Reporter: mstange, Assigned: farre
Keywords: crash
Attachments: 3 files
I was using a page which puts a lot of text into a <textarea>. This caused the tab to crash. But not because it was out of memory; it crashed because session restore tried to send a large IPC message.
Crash report: https://crash-stats.mozilla.org/report/index/1ace771b-5cc2-4de1-8fb7-eee340210824
MOZ_CRASH Reason: MOZ_CRASH(IPC message size is too large)
Top 10 frames of crashing thread:
0 XUL mozilla::ipc::MessageChannel::Send ipc/glue/MessageChannel.cpp:895
1 XUL mozilla::ipc::MessageChannel::Send ipc/glue/MessageChannel.cpp:895
2 XUL mozilla::ipc::IProtocol::ChannelSend ipc/glue/ProtocolUtils.cpp:523
3 XUL mozilla::dom::PWindowGlobalChild::SendUpdateSessionStore ipc/ipdl/PWindowGlobalChild.cpp:686
4 XUL mozilla::dom::SessionStoreDataCollector::Collect toolkit/components/sessionstore/SessionStoreDataCollector.cpp:145
5 XUL mozilla::dom::SessionStoreDataCollector::Notify toolkit/components/sessionstore/SessionStoreDataCollector.cpp:35
6 XUL nsTimerImpl::Fire xpcom/threads/nsTimerImpl.cpp:618
7 XUL nsTimerEvent::Run xpcom/threads/TimerThread.cpp:248
8 XUL mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal xpcom/threads/TaskController.cpp:805
9 XUL nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:1148
This is amazing. I'm very curious what the page is and why they're putting ~256MB of text into a textarea.
farre, any ideas for how to deal with this?
Comment 2 (Reporter) • 3 years ago
(In reply to :kashav (he/him) from comment #1)
> This is amazing. I'm very curious what the page is and why they're putting ~256MB of text into a textarea.
It was a testing page that I created myself while I was working on profiler symbolication. The page is http://tests.themasta.com/profiler-get-symbols/ . It puts the entire symbol table of a library into a textbox, and I was testing with libxul, which has a rather large symbol table. So yes, it's not really a legitimate use case. I was just delighted that my script worked at all, and then disappointed that I couldn't inspect the results because the output was only on the screen for a fraction of a second before the tab crashed.
Comment 3 • 3 years ago
(In reply to :kashav (he/him) from comment #1)
> farre, any ideas for how to deal with this?
The message manager and window actors have explicit checks that the message they are trying to send isn't too large. See bug 1604609. Of course, if this is just a synthetic test case it might not be worth dealing with.
Comment 4 (Assignee) • 3 years ago
Wow! I guess the immediate thing is to disallow collecting too large data. That's easy enough to do. Maybe we should consider clearing a field in formdata if it grows to be too large. If someone inputs some kind of structured data, like, I don't know, a symbol table :D, it would be better to have no data rather than invalid data. On the other hand, if you've written your thesis in an input field, you might get a bit bummed out by that.
But yeah. Let's decide on an upper value to begin with. This has been a thing for old session store as well. The only thing we had before was the limit for session storage. Maybe use that for this as well.
Comment 5 (Assignee) • 3 years ago
Add prefs:
- browser.sessionstore.dom_form_limit
  Limit for how long a value from a form can be to be included in session store collection.
- browser.sessionstore.dom_form_max_limit
  Limit how much total data we collect from forms from one site, as in the sum of length of values plus sum of length of xpath/id.
Comment 6 (Assignee) • 3 years ago
We need two limits, one for the size of values, and one for the total
size collected.
Depends on D125195
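The two limits described in comments 5 and 6, shown as an added example; this is not the code that landed in the patches above. `FormEntry`, `CollectResult` and `CollectFormData` are hypothetical names, the limit values in `main` are constructed, and skipping an over-limit entry whole (rather than truncating it) is an assumption based on comment 4.

```cpp
#include <cstddef>
#include <string>
#include <vector>

// Hypothetical names; the limits are parameters because the page does not
// give the prefs' default values.
struct FormEntry {
  std::string key;    // xpath or id identifying the field
  std::string value;  // current field contents
};

struct CollectResult {
  std::vector<FormEntry> kept;
  std::size_t bytesUsed = 0;          // sum of key + value lengths kept
  std::size_t droppedTooLong = 0;     // value exceeded the per-value limit
  std::size_t droppedOverBudget = 0;  // entry would exceed the total limit
};

// perValueLimit stands in for browser.sessionstore.dom_form_limit and
// totalLimit for browser.sessionstore.dom_form_max_limit.
CollectResult CollectFormData(const std::vector<FormEntry>& fields,
                              std::size_t perValueLimit,
                              std::size_t totalLimit) {
  CollectResult out;
  for (const FormEntry& f : fields) {
    if (f.value.size() > perValueLimit) {
      // Skip the value whole instead of truncating it, so a restore never
      // writes back partial data.
      ++out.droppedTooLong;
      continue;
    }
    const std::size_t cost = f.key.size() + f.value.size();
    // Compare against the remaining budget so the sum cannot overflow.
    if (cost > totalLimit - out.bytesUsed) {
      ++out.droppedOverBudget;
      continue;
    }
    out.bytesUsed += cost;
    out.kept.push_back(f);
  }
  return out;
}

int main() {
  // Constructed sample: one oversized textarea between two small fields.
  std::vector<FormEntry> fields = {{"#name", "alice"},
      {"//textarea[1]", std::string(5000, 'x')}, {"#note", "hi"}};
  return CollectFormData(fields, 1024, 4096).kept.size() == 2 ? 0 : 1;
}
```

Because both checks run before anything is serialized, the size of the collected data is bounded by `totalLimit` regardless of what a page puts into its form fields.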
Comment 7 (Assignee) • 3 years ago
Depends on D125196
Comment 9 (bugherder) • 3 years ago
https://hg.mozilla.org/mozilla-central/rev/3660eb350c0d
https://hg.mozilla.org/mozilla-central/rev/6bf3b9611e44
https://hg.mozilla.org/mozilla-central/rev/646a73d6c26c