Open Bug 794416 Opened 8 years ago Updated 2 years ago

OOM Crash because user not given chance to stop runaway script.

Categories

(Core :: DOM: Core & HTML, defect, P5)

15 Branch
x86_64
Linux
defect

Tracking

()

UNCONFIRMED

People

(Reporter: bobbug, Unassigned)

Details

(Keywords: crash, csectype-oom, Whiteboard: [dupeme?])

Attachments

(2 files, 2 obsolete files)

Attached file te.js (obsolete) —
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:15.0) Gecko/20100101 Firefox/15.0.1
Build ID: 20120907073726

Steps to reproduce:

I opened the page http://billhome.at/DidM/index.xhtml for testing my script, then I entered 1 = 1/1 + 1/5 there.

Unfortunately, if I inline the script (for attaching purposes), firefox behaves correctly (it tells me to stop the script); additionally, under MacOS (and maybe generall on systems with high RAM), firefox behaves correctly


Actual results:

After 1 = 1/1 + 1/, the page did not respond any longer, took huge amounts of RAM and then crashed (probably because too much RAM was taken).

The reason for this was an endless loop due to
ls = ls.leftSide;
instead of
expression.leftSide

(and the same for rs = rs.leftSide instead of rs = rs.rightSide)


Expected results:

Firefox should have displayed the "this page has a non-responding-script, abort it?" earlier so that firefox would not crash.
Attachment #664883 - Attachment is obsolete: true
Group: core-security
Component: Untriaged → DOM
Keywords: crash, csec-oom
Product: Firefox → Core
Summary: Crash (sometimes) because of too much RAM usage due to faulty script → OOM Crash because user not given chance to stop runaway script.
Whiteboard: [dupeme?]
https://bugzilla.mozilla.org/show_bug.cgi?id=1472046

Move all DOM bugs that haven’t been updated in more than 3 years and has no one currently assigned to P5.

If you have questions, please contact :mdaly.
Priority: -- → P5
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.