Attachment #547534 - Attachment mime type: application/octet-stream → application/zip
The script creates an deep tree of HTML table elements, using innerHTML. I do get an "Unresponsive Script" warning dialog and if I click Stop I can then close the tab and no harm is done. If I click Continue it eventually runs out of memory. So this looks like a bug we're already well aware of.
Whiteboard: [sg:dos oom]
Attachment #547534 - Attachment mime type: application/zip → application/java-archive
How does this become recursive? There's only one <div> in the html to start with and the innerHTML that adds more isn't called until the getElementsByTagName list is already returned.
Created attachment 547602 [details] log The collection returned by getElementsByTagName is a /live/ collection, see: https://developer.mozilla.org/en/DOM/element.getElementsByTagName http://www.whatwg.org/specs/web-apps/current-work/multipage/urls.html#collections-0 so when this loops inserts new <div>s the become part of what you're looping over. Here's value of document.body.innerHTML for the first few iterations. I printed the values of 'i' and 'doc.length' as well.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: crash, testcase
Closing because no crash reported since 12 weeks.
Status: NEW → RESOLVED
Last Resolved: 2 months ago
Resolution: --- → WONTFIX
Reopening because crash bugs **with testcases** should not be resolved **as WONTFIX** based on queries of crash-stats. Other resolutions may be appropriate for other reasons. (Crash signatures are not the same as bug identity; they're merely a search aid to find and group similar crashes. The bug may still be present, but the signature may have changed slightly, or the bug may even still be present with the same signature but there are simply no recent reports of crashes in that function.)
Status: RESOLVED → REOPENED
Resolution: WONTFIX → ---
You need to log in before you can comment on or make changes to this bug.