Open
Bug 798374
Opened 13 years ago
Updated 11 months ago
SVG nested patterns allow exponential entity-expansion explosion, leading to hangs, arbitrarily-high memory usage & swapping, and eventual content-process crash
Categories
(Core :: SVG, defect)
Core
SVG
Tracking
()
NEW
People
(Reporter: bugreports, Unassigned)
References
()
Details
(6 keywords, Whiteboard: [in-the-wild] [external-report])
Attachments
(1 file)
|
8.49 KB,
image/svg+xml
|
Details |
SVG image demonstrating bug
User Agent: Mozilla/5.0 (Windows NT 5.1; rv:15.0) Gecko/20100101 Firefox/15.0.1
Build ID: 20120905151427
Steps to reproduce:
Loaded the attached file.
Inspired by 'Billion Laughs' [1] the attached file contains an SVG pattern containing ten elements, each styled with an SVG pattern containing ten elements, each styled with an SVG pattern containing ten elements and so on for nine levels.
[1] http://en.wikipedia.org/wiki/Billion_laughs
Actual results:
Nothing displays; the window stops repainting, CPU usage rises to 100% and I have to kill the browser.
Expected results:
An error message or something similar.
|
||
Updated•13 years ago
|
Component: Untriaged → SVG
Product: Firefox → Core
|
Reporter | |
Comment 1•13 years ago
|
||
|
|
||
Comment 2•13 years ago
|
||
Opera suffers from this too. Does any existing UA produce such a message?
|
|
Reporter | |
Comment 3•13 years ago
|
||
Not that I know of; chrome also has trouble, but with its process-per-tab architecture it doesn't lock up the entire browser.
|
||
Updated•13 years ago
|
|
||
Updated•12 years ago
|
Whiteboard: [in-the-wild] [external-report]
|
||
Comment 4•11 years ago
|
||
Same on Chromium: https://code.google.com/p/chromium/issues/detail?id=231562.
|
|
||
Comment 5•9 years ago
|
||
Chromium 48 does not have this problem any more. Finally I got to see that image :-)
|
|
||
Comment 6•9 years ago
|
||
Duplicate of: https://bugzilla.mozilla.org/show_bug.cgi?id=455100
I am still able to reproduce the bug somehow but it never loads the attachment, I keeps loading and i have to close the tab
Tested on windows10 64bit with firefox release 89.0.2
|
||
Updated•3 years ago
|
Severity: critical → S2
|
||
Updated•3 years ago
|
Severity: S2 → S3
|
|
||
Updated•2 years ago
|
See Also: → https://bugs.webkit.org/show_bug.cgi?id=263349
|
|
||
Updated•2 years ago
|
OS: Windows XP → All
Hardware: x86 → All
Summary: SVG nested patterns allow entity expansion crash → SVG nested patterns allow entity expansion crash, leading to hangs, arbitrarily-high memory usage & swapping, and eventual content-process crash
Version: 15 Branch → Trunk
|
|
||
Updated•2 years ago
|
Summary: SVG nested patterns allow entity expansion crash, leading to hangs, arbitrarily-high memory usage & swapping, and eventual content-process crash → SVG nested patterns allow exponential entity-expansion explosion, leading to hangs, arbitrarily-high memory usage & swapping, and eventual content-process crash
|
||
Updated•11 months ago
|
Keywords: csectype-dos,
csectype-oom
See Also: → 455100
You need to log in
before you can comment on or make changes to this bug.
Description
•