Closed Bug 939440 Opened 11 years ago Closed 11 years ago

Out of memory silently causes empty blobs

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Version:
25 Branch
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla28

People

(Reporter: nicolas.george, Assigned: baku)

Details

Attachments

(1 file, 1 obsolete file)

blob.patch
1.62 KB, patch
Details | Diff | Splinter Review 
Using the following minimal HTML file:

<script>
var test_array;
var test_blob;
function create_array() {
  test_array = new Uint8Array(512 * 1024 * 1024);
  for (var i = 0; i < test_array.length; i++)
    test_array[i] = i;
  alert("array created, length = " + test_array.length);
}
function create_blob() {
  test_blob = Blob([ test_array ], { type: "application/octet-stream" });
  alert("blob created, size = " + test_blob.size);
}
</script>
<p onclick="create_array()">create array</p>
<p onclick="create_blob()">create blob</p>

Using a blank browser, observe, with ps, VSZ before and after creating the blob. Then restart the browser limiting the VSZ to some intermediate value ("ulimit -v 1000000") and try again.

The size of the blob will be reported as 0 instead of 512 M. Creating an URL and using it to save the blob saves an empty file.

Some kind of error should be reported.

The problem was initially detected when using a blob to allot to save a 500 M file synthesized (from downloaded data and cryptography) in a 32-bits browser with already quite a few tabs.

In Chromium (30.0.1599.101-3 from Debian), the tab running the script shows the "this is embarrassing" crash message when creating the blob.
The issue is that in nsDOMMultipartFile::ParseBlobArrayArgument we just ignore the return value of blobSet.AppendVoidPtr.  We probably shouldn't.  Similar for the AppendArrayBuffer call?
Status: UNCONFIRMED → NEW
Component: JavaScript Engine → DOM
Ever confirmed: true
Flags: needinfo?(khuey)
Yeah.
Assignee: nobody → amarchesini
Flags: needinfo?(khuey)
Attached patch blob.patch (obsolete) — Splinter Review 

        Attachment #8342530 -
        Flags: review?(bzbarsky)

    
    

    
  
Comment on attachment 8342530 [details] [diff] [review]
blob.patch

Can we add a test too?

And you can probably just declare rv where it's used instead of all the way at the top there.

r=me

        Attachment #8342530 -
        Flags: review?(bzbarsky) → review+

    
    

    
  

      
      
      
      

        Attached patch
          
          
        blob.patchSplinter Review
      

    


  
https://hg.mozilla.org/integration/mozilla-inbound/rev/d9133077f7cf

about the mochitest, do we have OOM tests? If yes, I'm happy to implement it in a follow-up. I don't find any example about how to simulate low memory environment.

        Attachment #8342530 -
        Attachment is obsolete: true

    
    

    
  
It ought to be possible to do this on 32-bit in general: just need big enough blobs to not fit in the address space and making sure that the exception is thrown on the right line.

    
    

    
  
I wrote a test but it's not reliable 100% of the cases because OOM is not always received by the Blob constructor. If some other component receives this OOM, ff crashes.

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/d9133077f7cf
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla28

    
  
Flags: in-testsuite?
Component: DOM → DOM: Core & HTML

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: