Stack exhaustion crash with baseURI recursion

NEW
Unassigned

Status

()

P5
critical
10 years ago
3 months ago

People

(Reporter: WeirdAl, Unassigned)

Tracking

({crash, testcase})

Trunk
x86
Windows XP
crash, testcase
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [ccbr] [sg:dos] stack exhaustion)

Attachments

(1 attachment)

(Reporter)

Description

10 years ago
Created attachment 342678 [details]
crash testcase

Testcase attached.  I discovered this stack overflow as a result of a bug in Skyfire code I wrote.

With the build I tested, I actually got four thousand elements deep into the DOM before we hit the overflow.
Whiteboard: [sg:dos] stack overflow
Alex's testcase crashes for me.

Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.3a1pre) Gecko/20090919 Minefield/3.7a1pre

Btw, Breakpad does well with stack exhaustion now:
bp-da2ccdf6-9704-4a21-a47e-c1c432090919 shows both the top and bottom.
Whiteboard: [sg:dos] stack overflow → [ccbr] [sg:dos] stack overflow
So this is just creating a DOM tree 2e6 nodes deep and then trying to run a recursive algorithm on it, right?

I thought we'd decided to call these "stack exhaustion" not "stack overflow"....

Updated

9 years ago
Summary: Stack overflow crash with baseURI recursion → Stack exhaustion crash with baseURI recursion
Whiteboard: [ccbr] [sg:dos] stack overflow → [ccbr] [sg:dos] stack exhaustion
https://bugzilla.mozilla.org/show_bug.cgi?id=1472046

Move all DOM bugs that haven’t been updated in more than 3 years and has no one currently assigned to P5.

If you have questions, please contact :mdaly.
Priority: -- → P5
You need to log in before you can comment on or make changes to this bug.