Closed Bug 1727367 Opened 3 years ago Closed 3 years ago

Session Restore crashes the tab if there is too much content in a textbox; Crash in [@ mozilla::ipc::MessageChannel::Send | mozilla::ipc::MessageChannel::Send | mozilla::ipc::IProtocol::ChannelSend | IPC_Message_Name=PWindowGlobal::Msg_UpdateSessionStore]

Categories

(Firefox :: Session Restore, defect)

defect

Tracking


RESOLVED FIXED
94 Branch
Tracking Status
firefox-esr78 --- wontfix
firefox-esr91 --- wontfix
firefox92 --- wontfix
firefox93 --- wontfix
firefox94 --- fixed

People

(Reporter: mstange, Assigned: farre)

References

Details

(Keywords: crash)

Crash Data

Attachments

(3 files)

I was using a page which puts a lot of text into a <textarea>. This caused the tab to crash. But not because it was out of memory; it crashed because session restore tried to send a large IPC message.


Crash report: https://crash-stats.mozilla.org/report/index/1ace771b-5cc2-4de1-8fb7-eee340210824

MOZ_CRASH Reason: MOZ_CRASH(IPC message size is too large)

Top 10 frames of crashing thread:

0 XUL mozilla::ipc::MessageChannel::Send ipc/glue/MessageChannel.cpp:895
1 XUL mozilla::ipc::MessageChannel::Send ipc/glue/MessageChannel.cpp:895
2 XUL mozilla::ipc::IProtocol::ChannelSend ipc/glue/ProtocolUtils.cpp:523
3 XUL mozilla::dom::PWindowGlobalChild::SendUpdateSessionStore ipc/ipdl/PWindowGlobalChild.cpp:686
4 XUL mozilla::dom::SessionStoreDataCollector::Collect toolkit/components/sessionstore/SessionStoreDataCollector.cpp:145
5 XUL mozilla::dom::SessionStoreDataCollector::Notify toolkit/components/sessionstore/SessionStoreDataCollector.cpp:35
6 XUL nsTimerImpl::Fire xpcom/threads/nsTimerImpl.cpp:618
7 XUL nsTimerEvent::Run xpcom/threads/TimerThread.cpp:248
8 XUL mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal xpcom/threads/TaskController.cpp:805
9 XUL nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:1148
Severity: -- → S2

This is amazing. I'm very curious what the page is and why they're putting ~256MB of text into a textarea.

farre, any ideas for how to deal with this?

Flags: needinfo?(afarre)

(In reply to :kashav (he/him) from comment #1)

This is amazing. I'm very curious what the page is and why they're putting ~256MB of text into a textarea.

It was a testing page that I created myself while I was working on profiler symbolication. The page is http://tests.themasta.com/profiler-get-symbols/ . It puts the entire symbol table of a library into a textbox, and I was testing with libxul, which has a rather large symbol table. So yes, it's not really a legitimate use case. I was just delighted that my script worked at all, and then disappointed that I couldn't inspect the results because the output was only on the screen for a fraction of a second before the tab crashed.

(In reply to :kashav (he/him) from comment #1)

farre, any ideas for how to deal with this?

The message manager and window actors have explicit checks that the message it is trying to send isn't too large. See bug 1604609. Of course, if this is just a synthetic test case it might not be worth dealing with.

Wow! I guess the immediate thing is to disallow collecting too large data. That's easy enough to do. Maybe we should consider clearing a field in formdata if it grows to be too large. If someone inputs some kind of structured data, like, I don't know, a symbol table :D, it would be better to have no data rather than invalid data. On the other hand, if you've written your thesis in an input field, you might get a bit bummed out by that.

But yeah. Let's decide on an upper value to begin with. This has been a thing for old session store as well. The only thing we had before was the limit for session storage. Maybe use that for this as well.

Assignee: nobody → afarre
Flags: needinfo?(afarre)
Crash Signature: [@ mozilla::ipc::MessageChannel::Send | mozilla::ipc::MessageChannel::Send | mozilla::ipc::IProtocol::ChannelSend | IPC_Message_Name=PWindowGlobal::Msg_UpdateSessionStore] → [@ mozilla::ipc::MessageChannel::Send | mozilla::ipc::MessageChannel::Send | mozilla::ipc::IProtocol::ChannelSend | IPC_Message_Name=PWindowGlobal::Msg_UpdateSessionStore] [@ mozilla::ipc::MessageChannel::Send | mozilla::ipc::IProtocol::ChannelSend | IPC_…
Status: NEW → ASSIGNED

Add prefs:

  • browser.sessionstore.dom_form_limit
    Limit for how long a value from a form can be to be included in
    session store collection.

  • browser.sessionstore.dom_form_max_limit
    Limit how much total data we collect from forms from one site, as in
    the sum of length of values plus sum of length of xpath/id.

We need two limits, one for the size of values, and one for the total
size collected.

Depends on D125195
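As an added example (not Firefox's own implementation), here is the two-limit policy from the attachment description above written out in plain JavaScript: a per-value cap that drops an oversized field whole, and a total budget over value lengths plus id/xpath lengths. The pref values, the drop-rather-than-truncate choice and stopping at the budget are assumptions made here, not behaviour taken from the patch.

```javascript
// Added example, not Firefox code: bound the form data that session store
// would hand to IPC, so a single huge <textarea> cannot produce an oversized
// message. Pref values are constructed placeholders, not Firefox's defaults.
const PREFS = {
  "browser.sessionstore.dom_form_limit": 64,      // max length of one value (constructed)
  "browser.sessionstore.dom_form_max_limit": 200, // max total: values + keys (constructed)
};

// `fields` is [{ key, value }] where key is the id or XPath identifying the field.
// Returns { entries, skipped, total }: `entries` is what would be sent.
function collectFormData(fields, prefs = PREFS) {
  const valueLimit = prefs["browser.sessionstore.dom_form_limit"];
  const maxLimit = prefs["browser.sessionstore.dom_form_max_limit"];
  const entries = {};
  const skipped = [];
  let total = 0;
  for (let i = 0; i < fields.length; i++) {
    const { key, value } = fields[i];
    // Per-value limit: drop the field whole rather than truncate it, since a
    // partial value (half a symbol table, say) is worse than no value.
    if (value.length > valueLimit) {
      skipped.push(key);
      continue;
    }
    // Total limit counts the value plus the id/xpath that identifies it.
    const cost = value.length + key.length;
    if (total + cost > maxLimit) {
      // Assumption: once the budget is exhausted, stop collecting entirely.
      for (let j = i; j < fields.length; j++) skipped.push(fields[j].key);
      break;
    }
    entries[key] = value;
    total += cost;
  }
  return { entries, skipped, total };
}

// Constructed sample mirroring the bug: one textarea holds far more text than
// a sane form field (10,000 chars here standing in for the ~256MB symbol table).
const SAMPLE_FIELDS = [
  { key: 'id("username")', value: "mstange" },
  { key: "/xhtml:html/xhtml:body/xhtml:textarea[1]", value: "A".repeat(10000) },
  { key: 'id("comment")', value: "profiler symbolication test" },
];

// Constructed sample hitting the total budget: each entry costs 8 + 60 = 68,
// so the third one (204 > 200) is dropped even though each value is allowed.
const BUDGET_FIELDS = ["f1", "f2", "f3"].map((n) => ({ key: `id("${n}")`, value: "x".repeat(60) }));
```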

Pushed by afarre@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/3660eb350c0d Part 1: Add prefs for max session store form entry size. r=kashav
https://hg.mozilla.org/integration/autoland/rev/6bf3b9611e44 Part 2: Limit the size of form fields collected in session store. r=kashav
https://hg.mozilla.org/integration/autoland/rev/646a73d6c26c Part 3: Test form value length limits for session store. r=kashav
Regressions: 1730776
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → 94 Branch