while(true) {window.open(...);} hangs Firefox

VERIFIED FIXED in Firefox 65

Status


defect
P3
normal
VERIFIED FIXED
8 years ago
4 months ago

People

(Reporter: kaisellgren, Assigned: johannh)

Tracking

(Depends on 1 bug, Blocks 1 bug, {csectype-dos, testcase})

6 Branch
Firefox 65

Firefox Tracking Flags

(firefox65 verified)

Details

(Whiteboard: [sg:dos])

Attachments

(1 attachment)

Reporter

Description

8 years ago
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1

Steps to reproduce:

I ran this script:

while (true) {window.open('http://google.fi');}


Actual results:

Firefox crashed.


Expected results:

Firefox should pop up "Do you want to terminate the script?" and actually terminate it.
Group: core-security
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: crash, testcase
Whiteboard: [sg:dos]
Reporter

Comment 1

8 years ago
I noticed an interesting thing. Firefox has this ad-block support. The right side handle allows you to enable specific pop-ups that were about to open. This list keeps getting bigger and bigger with each window.open() call so maybe the issue lies with that (the drop down getting enormous)?

Updated

7 years ago
Severity: normal → critical
Duplicate of this bug: 769760

Updated

4 years ago
Duplicate of this bug: 1193292

Updated

4 years ago
Duplicate of this bug: 1169918

Updated

4 years ago
Blocks: eviltraps

Comment 5

4 years ago
The Platform field says "Windows 7", but the problem occurs under Linux too. Actually, with Fvwm + manual window placement, this is worse, as this completely blocks the whole desktop UI.

Updated

4 years ago
OS: Windows 7 → All
Hardware: x86_64 → All

Updated

4 years ago
Duplicate of this bug: 1203439

Updated

4 years ago
Duplicate of this bug: 1209016

Updated

4 years ago
Duplicate of this bug: 1214500

Comment 9

4 years ago
An update I got yesterday has rendered another instance of this bug useless. What would happen is: if the window.open(string) is small, it will just hang and you have to close it with taskman, but if you increase the length of the string to, let's say, 10000, now open it and Firefox will hang, then close with oom crash long. If you check it out in a debugger, an address of unk_xxxxxx gets overwritten with a section of the string you place in the ver. As of the update yesterday this no longer happens, but the crash is happening in xul.dll: unable to write 0x0 to invalid address 0x0000000

Updated

3 years ago
Duplicate of this bug: 1242286
Depends on: 1269917

Updated

2 years ago
Duplicate of this bug: 1338966

Updated

2 years ago
Duplicate of this bug: 1339352
Triaging bugs at the moment and this one seems like an exact duplicate of Bug 676975. It also relies on the window.open() annoy mechanism.
Status: NEW → RESOLVED
Last Resolved: a year ago
Resolution: --- → DUPLICATE
Duplicate of bug: 676975
Sorry, this is the right duplicate.
Duplicate of bug: 675574
Assignee

Updated

a year ago
Duplicate of this bug: 1444752
Assignee

Comment 16

a year ago
As mentioned in bug 1444752, I don't think this is a dupe. Bug 675574 is about opening infinite popups when being allowed to open (such as in event handling context), while this one is about the crash/hang/slowness (with e10s on) that results in blocking a large number of popups.

I'd say bug 675574 is much worse, but this one seems easy to solve or at least easy to experiment with a solution for. My theory is that this gets fixed by throttling sending or receiving the DOMPopupBlocked event.
Severity: critical → normal
Status: RESOLVED → REOPENED
Keywords: crash, csectype-oom
Priority: -- → P3
Resolution: DUPLICATE → ---
Assignee

Updated

a year ago
Summary: while(true) {window.open(...);} crashes Firefox → while(true) {window.open(...);} hangs Firefox
Assignee

Updated

7 months ago
Assignee: nobody → jhofmann
Status: REOPENED → ASSIGNED
Attachment #9023259 - Attachment description: Bug 685828 - Limit displaying blocked popups in the front-end. r=Gijs!,baku → Bug 685828 - Limit displaying blocked popups in the front-end. r=Gijs,baku

Comment 18

7 months ago
Pushed by jhofmann@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/74807b4c104a
Limit displaying blocked popups in the front-end. r=Gijs

Comment 19

7 months ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/74807b4c104a
Status: ASSIGNED → RESOLVED
Last Resolved: a year ago → 7 months ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 65
Flags: qe-verify+
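
The mitigation theorized in comment 16 (throttling the blocked-popup notification) and named in the landed patch title ("Limit displaying blocked popups in the front-end"), sketched as an added example that is not taken from the Firefox patch. It caps the per-page list of blocked pop-ups that comment 1 describes and throttles UI updates. The class name, the cap of 100 entries, the 500 ms interval and the 2048-character URL limit are assumptions for illustration.

```javascript
// Added illustration, not Firefox code. All names and limits are hypothetical.
const MAX_REPORTED = 100;        // assumed cap on entries kept for the UI list
const NOTIFY_INTERVAL_MS = 500;  // assumed minimum gap between UI updates
const MAX_URL_LENGTH = 2048;     // assumed bound on the size of each stored entry

class BlockedPopupTracker {
  constructor(notifyUI, now = () => Date.now()) {
    this.notifyUI = notifyUI;    // callback that redraws the blocked pop-ups list
    this.now = now;              // injectable clock so the throttle can be tested
    this.entries = [];           // bounded list shown to the user
    this.totalBlocked = 0;       // plain counter: grows without allocating
    this.lastNotify = -Infinity;
    this.dirty = false;
  }

  // Called once per blocked window.open(); work and memory stay O(1) per call.
  recordBlocked(url) {
    this.totalBlocked++;
    if (this.entries.length < MAX_REPORTED) {
      this.entries.push(String(url).slice(0, MAX_URL_LENGTH));
    }
    this.dirty = true;
    const t = this.now();
    if (t - this.lastNotify >= NOTIFY_INTERVAL_MS) this.flush(t);
  }

  // Sends at most one coalesced update describing everything seen so far.
  flush(t = this.now()) {
    if (!this.dirty) return;
    this.dirty = false;
    this.lastNotify = t;
    this.notifyUI({ shown: this.entries.length, total: this.totalBlocked });
  }
}

// Constructed run: feeds the tracker a fixed number of blocked requests,
// pretending each one takes 1 ms, and reports how much state and UI work resulted.
function simulate(calls) {
  let clock = 0, uiUpdates = 0;
  const tracker = new BlockedPopupTracker(() => { uiUpdates++; }, () => clock);
  for (let i = 0; i < calls; i++) {
    tracker.recordBlocked('http://google.fi');
    clock += 1;
  }
  tracker.flush(clock);
  return { stored: tracker.entries.length, total: tracker.totalBlocked, uiUpdates };
}
```

Without the cap and the throttle, both the stored list and the number of UI updates grow linearly with the number of blocked calls, which matches the ever-growing drop-down observed in comment 1.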

I managed to reproduce the crash on Firefox 9.0a1 (2011-09-03), under Windows 10x64.
The issue is not reproducible on Firefox 66.0a1 (2019-01-09), or on Firefox 65.0b9, under Windows 10x64 and under macOS 10.12.6.

On Ubuntu 18.04x64, after running the script from comment 0, the computer hangs, without the possibility of doing anything for closing Firefox or stopping the script (computer needs to be restarted).

Johann, should I open a separate bug for Ubuntu, or it's ok to reopen this one?

Flags: needinfo?(jhofmann)
Assignee

Comment 21

4 months ago

(In reply to Mihai Boldan, QA [:mboldan] from comment #20)

> I managed to reproduce the crash on Firefox 9.0a1 (2011-09-03), under Windows 10x64.
> The issue is not reproducible on Firefox 66.0a1 (2019-01-09), or on Firefox 65.0b9, under Windows 10x64 and under macOS 10.12.6.
>
> On Ubuntu 18.04x64, after running the script from comment 0, the computer hangs, without the possibility of doing anything for closing Firefox or stopping the script (computer needs to be restarted).
>
> Johann, should I open a separate bug for Ubuntu, or it's ok to reopen this one?

I can't reproduce this on Ubuntu. How do you execute the script?

Flags: needinfo?(jhofmann) → needinfo?(mihai.boldan)

It seems that the issue is no longer reproducible on Ubuntu OS. I've tested it on Firefox 65.0b11, under Ubuntu 16.04x64 and under Ubuntu 18.04x64.
The script was run from the Web Console.
Since no crash or hangs occurred, and bug 1519095 was logged for the wrong pop-up message, I am marking this issue as Verified Fixed.
More details about the testing environment can be seen in Comment 20.

Status: RESOLVED → VERIFIED
Flags: qe-verify+
Flags: needinfo?(mihai.boldan)