Closed
Bug 244554
Opened 20 years ago
Closed 20 years ago
[FIX]Non-displayed invalid frames processed - bypasses recursion check resulting in memory leak / crash
Categories
(Core :: Layout: Images, Video, and HTML Frames, defect, P1)
Core
Layout: Images, Video, and HTML Frames
Tracking
()
RESOLVED
FIXED
mozilla1.8alpha2
People
(Reporter: megabyte, Assigned: bzbarsky)
References
()
Details
(4 keywords, Whiteboard: fixed-aviary1.0)
Attachments
(2 files)
49 bytes,
text/html
|
Details | |
4.32 KB,
patch
|
jst
:
review+
jst
:
superreview+
chofmann
:
approval1.7+
|
Details | Diff | Splinter Review |
If a <frame> occurs after the number of frames specified in its containing
<frameset>, it is still processed even though it is not displayed and ought to
be invalid markup. The real problem with this is that the recursive frame
checks (bug 8065) do not take place so a recursive frame will cause 100% CPU
usage and unbounded memory increase (until crash).
Unfortunately the Blackboard software at Virginia Tech currently does this
(you'll need an account to see the problem, so I'll attach a minimized testcase).
Reporter | ||
Comment 1•20 years ago
|
||
Reporter | ||
Comment 2•20 years ago
|
||
By the way, save and load the testcase locally for full effect since the network
can slow down the problem. Since the testcase is reduced, there is no content
on the page; therefore, the memory leak isn't as bad as it would be on a real
world site.
Reporter | ||
Updated•20 years ago
|
Summary: Non-displayed invalid frames processed - bypasses recursion check → Non-displayed invalid frames processed - bypasses recursion check resulting in memory leak / crash
Assignee | ||
Comment 3•20 years ago
|
||
Processing the frame is right, I think. But the way we were parenting
docshells was absolutely and totally bogus.
Assignee: nobody → bzbarsky
Status: NEW → ASSIGNED
Assignee | ||
Updated•20 years ago
|
Attachment #149480 -
Flags: superreview?(jst)
Attachment #149480 -
Flags: review?(jst)
Assignee | ||
Comment 4•20 years ago
|
||
Thanks for the excellent testcase, Aaron!
OS: Windows Server 2003 → All
Priority: -- → P1
Hardware: PC → All
Summary: Non-displayed invalid frames processed - bypasses recursion check resulting in memory leak / crash → [FIX]Non-displayed invalid frames processed - bypasses recursion check resulting in memory leak / crash
Target Milestone: --- → mozilla1.8alpha2
Comment 5•20 years ago
|
||
Comment on attachment 149480 [details] [diff] [review]
Fix the docshell parenting
Hmm, I wonder what kind of reason I had for that code when I originally wrote
the frame loader :-)
r+sr=jst
Attachment #149480 -
Flags: superreview?(jst)
Attachment #149480 -
Flags: superreview+
Attachment #149480 -
Flags: review?(jst)
Attachment #149480 -
Flags: review+
Assignee | ||
Comment 6•20 years ago
|
||
Checked in.
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Reporter | ||
Comment 7•20 years ago
|
||
Can this get into the branches? I'd really hate to see this in Firefox 1.0.
Flags: blocking1.7?
Assignee | ||
Comment 8•20 years ago
|
||
Comment on attachment 149480 [details] [diff] [review]
Fix the docshell parenting
Yeah, it may make sense to get this on the 1.7 branch. It's a safe change.
For aviary, it's not clear to me what the review or checkin procedures are, so
ping the firefox folks about it if you want this in Firefox 1.0.
Attachment #149480 -
Flags: approval1.7?
Comment 9•20 years ago
|
||
Comment on attachment 149480 [details] [diff] [review]
Fix the docshell parenting
a=chofmann for 1.7
Attachment #149480 -
Flags: approval1.7? → approval1.7+
Updated•20 years ago
|
Flags: blocking1.7? → blocking1.7+
Comment 10•20 years ago
|
||
fixed on branch:
2004-06-01 08:34 bzbarsky%mit.edu mozilla/content/base/src/nsFrameLoader.cpp
1.37.2.1
Keywords: fixed1.7
Comment 11•20 years ago
|
||
for the record, mconnor checked this into the aviary branch (along with a bunch
of other 1.7 branch fixes)
Updated•20 years ago
|
Whiteboard: fixed-aviary1.0
Updated•6 years ago
|
Product: Core → Core Graveyard
Updated•6 years ago
|
Component: Layout: HTML Frames → Layout: Images
Product: Core Graveyard → Core
You need to log in
before you can comment on or make changes to this bug.
Description
•