Closed Bug 288396 Opened 20 years ago Closed 10 years ago

Endless loop writing to a Form hangs Firefox

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: cardshark1985, Unassigned)

Details

(Keywords: hang)

Attachments

(1 file, 1 obsolete file)

Crashing code alone.
1.52 KB, text/html
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050317 Firefox/1.0.2 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050317 Firefox/1.0.2 I had a hard time classifing this because critical seemed to small, when you load this code it will create an endless loop that will continue to write to a small text box. This causes my computer to crash, not JUST fx, but Windows. The Blue screen of Death occers, note: this is driver spacific but it will always cause fx to not respond. A cap should be placed on both mem and repatition to fix this. Reproducible: Always Steps to Reproduce: 1.Go to my attatchment 2.press go Actual Results: on MY computer, Blue screen of Death. Expected Results: I wanted it to burn out my Hard Drive and cause my computer to catch fire. j/k The device driver(ialmrns) got stuck in an infinate loop.
The BSOD is a problem with your system, not a Firefox one. I but I can confirm that Mozilla hangs
Assignee: bugs → general
Severity: blocker → critical
Status: UNCONFIRMED → NEW
Component: OS Integration → DOM: Level 0
Ever confirmed: true
Keywords: hang
Product: Firefox → Core
QA Contact: os-integration → ian
Summary: When an endless loop is makes text in a small text box in javascript it CAN cause Windows to crash. → Endless loop writing to a Form hangs Firefox
Version: unspecified → Trunk
(In reply to comment #2) > The BSOD is a problem with your system, not a Firefox one. > I but I can confirm that Mozilla hangs Right, the BSoD is Driver dependant, but I have been able to reproduce it in 2 of 12 comps it was tested on.. the 2 had dif. drivers too.
So this is interesting. I'm guessing that the dom branch callback limit just isn't hit until we've been doing this for a while, since there's very little JS here and lots of waiting on the native code...
Did some testing, at timeless's suggestion. We kill off the recursion at a depth of 1000 or so in current builds. That takes about 75 seconds to get to on my machine on that testcase.
Hmm.. what are we failing at here? it just seems like a normal js recursion and a lot of setting .value on an <input>. Neither of these things should cause problems, even though the value-string might be a bit long I guess. Or are we running out of stackspace?
> Or are we running out of stackspace? When we kill off the recursion, yes. The real failure is that we completely freeze up the browser for over a minute instead of popping up our nice "this script is running too long" dialog... ;)
So it sounds like there's two separate issues here: 1. JS-recursion is allowed to run so far that we run out of stackspace and crash 2. When performing heavy js for too long we don't pop up a warning letting the user abort. Or are they related somehow?
> 1. JS-recursion is allowed to run so far that we run out of stackspace and > crash In a current build on Linux, that is not the case. It runs till it hits the stack size limit we set on the JSEng, then it's killed. No crash. > 2. When performing heavy js for too long we don't pop up a warning letting the > user abort. More precisely, when performing very time-consuming operations that look like single statements to JS...
Didn't we recently switch to using wall-clock timing for JS run time?
We did, but checking the wall-clock time is a pretty expensive operation, so we do it only so often, in numbers of JS statements. In particular, we first check the time at 256 iterations of a loop or whatever it is that triggers the branch callback, and check it at 4096-iteration intervals thereafter...
Attached file Crashing code alone.
Majorly cleaned up the code, only the problem is here now with several of my tests.
Attachment #179138 - Attachment is obsolete: true
Attachment #183566 - Attachment description: My test Cases. → Crashing code alone.
Still an issue with lateset build of DeerPark Alpha 2
Assignee: general → nobody
QA Contact: ian → general
Just looking at an old bug. All infinite recession is now fixed with either allocation size overflow or script timeout.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: