Closed Bug 459601 Opened 16 years ago Closed 16 years ago

Some RegExps might kill Firefox

Categories

(Core :: JavaScript Engine, defect)

x86
Windows XP
defect
Not set
critical

VERIFIED DUPLICATE of bug 330569

People

(Reporter: egil, Unassigned)

Details

(Keywords: testcase)

Attachments

(1 file)

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3

If str is:
{{abc infobox abc |
abc = [[abc abc]] abc} |
abc = abc
}}

Then running this will kill your Firefox:
str.replace(/\{\{([^|}]+ infobo[^|}]+)((?:[^{}]+|\{\{(?:[^{}]+|\{\{[^{}]+\}\})+\}\})+)\}\}/g, '');

Kill in terms of making it unusable as the script will run, and run consuming one of my processors.

This is not the only regexp that works like a killer for FF 3.0. It seems as if FF 3.0 has some serious bug in RegExp implementation.

Reproducible: Always

Steps to Reproduce:
1. Open ff_bug.htm (zipped in the given URL so you can see it before you run it)
2. Press test
Actual Results:  
Screams of panic ;) as all your work in HTML forms is lost.

Expected Results:  
Critical error message or "The script is running too long would you like to continue..." message.

It wouldn't be so serious if I were able to close a problematic tab (just as you could if it happened in Opera or Chrome).
Another exponential regexp from what I can see. I get a stop script dialog on Mac OS X for both 1.9.0 and 1.9.1.
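The exponential backtracking noted above and two ways to avoid it, as an added example that is not part of the bug report or of Mozilla's code. The names `SAFE_RE`, `stripInfoboxRegex`, `templateEnd`, `stripInfoboxScan` and `maxDepth` are hypothetical, and the scanner's matching rules are this example's own approximation of the pattern's intent, generalized to a configurable nesting depth.

```javascript
// The reported pattern wraps `[^{}]+` in `(?: ... )+`, so a run of n brace-free
// characters can be split 2^(n-1) ways, and a backtracking engine tries every
// split when the closing `}}` is missing.

// Fix 1: same pattern, one character per iteration, so each input has one parse.
const SAFE_RE =
  /\{\{([^|}]+ infobo[^|}]+)((?:[^{}]|\{\{(?:[^{}]|\{\{[^{}]+\}\})+\}\})+)\}\}/g;

function stripInfoboxRegex(text) {
  return text.replace(SAFE_RE, '');
}

// Fix 2: no regex backtracking. Returns the index just past the `}}` closing the
// template that opens at `start`, or -1. A lone brace, nesting deeper than
// maxDepth, or a missing `}}` rejects the candidate (assumed rules).
function templateEnd(text, start, maxDepth) {
  let depth = 0;
  for (let i = start; i < text.length; i++) {
    const two = text.slice(i, i + 2);
    if (two === '{{') {
      if (++depth > maxDepth) return -1;
      i++;
    } else if (two === '}}') {
      i++;
      if (--depth === 0) return i + 1;
    } else if (text[i] === '{' || text[i] === '}') {
      return -1;
    }
  }
  return -1;
}

function stripInfoboxScan(text, maxDepth = 3) {
  let out = '';
  let pos = 0;
  for (;;) {
    const open = text.indexOf('{{', pos);
    if (open === -1) return out + text.slice(pos);
    const end = templateEnd(text, open, maxDepth);
    const name = end === -1 ? '' : text.slice(open + 2, end - 2).split('|')[0];
    if (/[^|}] infobo[^|}]/.test(name)) {
      out += text.slice(pos, open); // drop the whole template
      pos = end;
    } else {
      out += text.slice(pos, open + 2); // keep `{{` and rescan after it
      pos = open + 2;
    }
  }
}
```

Each character is visited at most `maxDepth` times by the scanner, so its cost stays linear in the input length whether or not the braces balance.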
Group: core-security
bc:  Does setting relimit cause us to throw an exception instead?
Assignee: nobody → general
Component: General → JavaScript Engine
Product: Firefox → Core
QA Contact: general → general
Attached file testcase
Keywords: testcase
Status: UNCONFIRMED → RESOLVED
Closed: 16 years ago
Resolution: --- → DUPLICATE
Bug 330569 was closed more than a year ago. This seems to be a new bug, or a regression.
No, you need to use the "relimit" feature from about:config.  There is another bug about making that the default behavior.
Correct me if I'm wrong, but setting relimit affects only the performance of RegExps and could save the browser from looping endlessly... So why not set it as the default for 3.0.4 and 3.1? Or is it planned already?
Sorry to open again, but it still happens when you work on longer texts like:
http://pl.wikipedia.org/w/index.php?title=T-26&action=edit&oldid=13661689

just run this code (e.g. with Firebug):
str = document.getElementById('wpTextbox1').value;
str.replace(/\{\{([^|}]+ infobo[^|}]+)((?:[^{}]+|\{\{(?:[^{}]+|\{\{[^{}]+\}\})+\}\})+)\}\}/g, '');
Status: RESOLVED → UNCONFIRMED
Resolution: DUPLICATE → ---
(In reply to comment #9)

Cancel that - it showed a message to stop the script after some time on my other (faster) computer, so I expect it will show up on a slower one (1.5GHz) in some time :))...

Still the question from comment #8 stays.
As I said in comment #7, there is a bug about making the use of relimit be the default behavior, yes.  Since this bug is a dupe, please take discussion of it to the other bug, if you wish to continue.
Status: UNCONFIRMED → RESOLVED
Closed: 16 years ago
Resolution: --- → DUPLICATE
Status: RESOLVED → VERIFIED