"while (true) { Notification.requestPermission(); }" causes the whole browser to crash
Reported by
runem...@gmail.com,
Dec 26 2016
|
||||||||||||||
Issue description
UserAgent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
Steps to reproduce the problem:
1. Run the following javascript: while (true) { Notification.requestPermission(); }
What is the expected behavior?
What went wrong?
Running that script causes the main browser process to increase in memory until Windows hangs when it starts filling the swap. This is similar to the crashsafari.com bug.
Crashed report ID:
How much crashed? Whole browser
Is it a problem with a plugin? N/A
Did this work before? N/A
Chrome version: 55.0.2883.87 Channel: stable
OS Version: 6.3
Flash Version: Shockwave Flash 24.0 r0
,
Dec 27 2016
,
Dec 27 2016
Able to reproduce this issue on windows 10,Ubuntu 14.04 and Mac 10.12.2 using chrome stable M55-55.0.2883.87 and earlier version of chrome M30-30.0.1595.0. This is a non-regression issue and marking it as untriaged. Please look into the attached screen-cast. Note: ------ Same behavior is seen on latest Firefox. Observed that in M30 version, it took around 40 sec to browser crash, where as in latest canary version it took only 5-8 sec to crash. Thank You...
,
Jan 6 2017
,
Jan 10 2017
timloh: this could be a good first bug :)
,
Jan 17 2017
I think what happens is each Notification.requestPermission() does a Mojo IPC to the browser, which goes into PermissionManager::RequestPermissions which stores the request in pending_requests_. Since we're doing IPCs to the browser process in an infinite loop it's unsurprising that it locks up the browser, and the memory increase is just due to a steady accumulation of permission requests and promises (which the API returns). Interestingly, navigator.geolocation.getCurrentPosition() doesn't fail quite as badly because it only sends an IPC for the first call (see Geolocation::requestPermission()), but all the other functions which request permission similar lock up the browser in an infinite loop. Given that there isn't a use case for calling Notification.requestPermission() thousands of times, I'm inclined to close this as WontFix -- this doesn't seem to me like something we should worry about fixing.
,
Jan 31 2017
Thanks for the analysis Tim. This isn't great, individual web sites shouldn't be able to bring down the entire browser. Reopening for now to see if anyone has brilliant ideas. Sam - any ideas? Is this something the Mojo team have come across / have opinions on?
,
Jan 31 2017
,
Jan 31 2017
This has been discussed in bug 584775 . The verdict is that something on the browser side should drop duplicate requests.
,
Jan 31 2017
Looks like this probably isn't a good first bug - Tim, do you want to punt it to someone else?
,
Feb 1 2017
cc kinuko@ since this definitely would be a candidate for IPC scheduling
,
Mar 7 2017
,
Nov 10 2017
,
Feb 16 2018
Unassigning myself since I won't get to this.
,
Feb 18 2018
,
Sep 13
Archiving old bugs that haven't been actively assigned in over 180 days. If you feel this issue should still be addressed, feel free to reopen it or to file a new issue. Thanks! |
||||||||||||||
►
Sign in to add a comment |
||||||||||||||
Comment 1 by runem...@gmail.com
, Dec 26 2016136 bytes
136 bytes View Download