
Issue 725302 link

Starred by 2 users

Issue metadata

Status: Verified
Owner:
Last visit > 30 days ago
Closed: Dec 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 3
Type: Bug




DispatchMessages's loop may never exit if a postmessage event is sent from inside an onmessage event.

Project Member Reported by zoeclifford@chromium.org, May 23 2017

Issue description

Chrome Version: 58.0.3029.96 (Official Build) (64-bit)
OS: Ubuntu Linux.

What steps will reproduce the problem?
(1) Open attached testcase.
(2) Note that 'pass' is never printed to the console.

What is the expected result?
'pass' should be printed. Chromium should not use 100% CPU.

What happens instead?
'pass' is never printed, the devtools frontend becomes mostly broken and unresponsive, and 100% CPU is used. 

This is all because this loop [1] loops forever without breaking.
Would it be reasonable to either dispatch events after the loop finishes, or to put an upper-bound on the number of loop iterations?

[1]
https://cs.chromium.org/chromium/src/third_party/WebKit/Source/core/dom/MessagePort.cpp?rcl=b161bd6231fc5c89e2c92931b2d55820762464f7&l=198

index.html
388 bytes View Download

Comment 1 by mek@chromium.org, May 23 2017

Labels: Hotlist-Interop
For correctness and spec compliance the message port code should also be posting tasks rather than synchronously executing message events. Shouldn't be hard to make a web platform test out of the attached test case.

Comment 2 by mek@chromium.org, May 23 2017

Actually, maybe spec compliance is okay, since these are distinct task sources... But yeah, definitely agree that the current behavior is not desirable.

Comment 3 by mek@chromium.org, Jul 5 2017

Issue 739452 has been merged into this issue.

Comment 4 by mek@chromium.org, Sep 28 2017

Owner: zoeclifford@chromium.org
Status: Started (was: Untriaged)

Comment 5 by bugdroid1@chromium.org, Oct 12 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/86abd6768897a63d8c4e1b2acae9764928c0def7

commit 86abd6768897a63d8c4e1b2acae9764928c0def7
Author: Zoe Clifford <zoeclifford@chromium.org>
Date: Thu Oct 12 20:08:24 2017

Fix an infinite-loop case in MessagePort.cpp

MessagePort::DispatchMessages is called when there's a pending message
on the (mojo) message port message queue. It iterates through every
pending message on the queue, dispatching message events for each.

However when a message event is dispatched it may cause another message
to be pushed to the queue, causing the while loop to never exit, and
completely freezing the renderer process.

This changes the code to dispatch a maximum number of message events per
task to break this loop.

Bug: 725302
Change-Id: I1ed4ba98b2c6c2b334601fd1d5ba41709487dfd9
Reviewed-on: https://chromium-review.googlesource.com/676174
Commit-Queue: Zoe Clifford <zoeclifford@chromium.org>
Reviewed-by: Marijn Kruisselbrink <mek@chromium.org>
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Cr-Commit-Position: refs/heads/master@{#508422}
[add] https://crrev.com/86abd6768897a63d8c4e1b2acae9764928c0def7/third_party/WebKit/LayoutTests/external/wpt/webmessaging/MessageEvent_onmessage_postMessage_infinite_loop.html
[modify] https://crrev.com/86abd6768897a63d8c4e1b2acae9764928c0def7/third_party/WebKit/Source/core/dom/MessagePort.cpp

Status: Verified (was: Started)
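As an added illustration of the fix the commit message describes (this is a hypothetical model, not Blink's MessagePort.cpp): a small C++ dispatcher with the pre-fix unbounded drain beside a bounded version that yields after an assumed cap of 100 events per task, exercised with the self-posting onmessage handler from the report.

```cpp
#include <deque>
#include <functional>
#include <string>
#include <utility>

constexpr int kMaxMessagesPerTask = 100;  // assumed cap; the commit gives no value
struct TaskResult { int dispatched; bool needs_more; };  // needs_more: schedule another task

// Hypothetical model of a message port's queue and dispatch loop (not Blink's code).
class MessagePortModel {
 public:
  using Handler = std::function<void(MessagePortModel&, const std::string&)>;
  void SetOnMessage(Handler h) { on_message_ = std::move(h); }
  void PostMessage(std::string msg) { queue_.push_back(std::move(msg)); }
  // Pre-fix shape: drain until empty. If the handler posts on every event the
  // queue never empties and this loop never returns (the reported hang).
  void DispatchMessagesUnbounded() { while (!queue_.empty()) DispatchOne(); }
  // Fixed shape: at most kMaxMessagesPerTask events per task, then yield so the
  // event loop can run other work; the caller reschedules if work remains.
  TaskResult DispatchMessagesBounded() {
    int n = 0;
    while (!queue_.empty() && n < kMaxMessagesPerTask) { DispatchOne(); ++n; }
    return {n, !queue_.empty()};
  }
 private:
  void DispatchOne() {
    std::string msg = std::move(queue_.front());
    queue_.pop_front();  // dequeue before dispatch: the handler may post again
    if (on_message_) on_message_(*this, msg);
  }
  std::deque<std::string> queue_;
  Handler on_message_;
};

// The report's scenario: the onmessage handler posts a new message on every event.
TaskResult RunSelfPostingScenario() {
  MessagePortModel port;
  port.SetOnMessage([](MessagePortModel& p, const std::string&) { p.PostMessage("again"); });
  port.PostMessage("first");
  return port.DispatchMessagesBounded();  // {100, true}: capped, more work pending
}

// A well-behaved handler: a short queue drains within a single task.
TaskResult RunDrainScenario() {
  MessagePortModel port;
  port.SetOnMessage([](MessagePortModel&, const std::string&) {});
  for (int i = 0; i < 3; ++i) port.PostMessage("msg");
  return port.DispatchMessagesBounded();  // {3, false}
}
```

With the bounded loop the self-posting page still makes progress, but the renderer returns to its event loop every 100 events instead of spinning at 100% CPU.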
