sailfishos / sailfish-browser

Sailfish Browser

Home Page: https://github.com/sailfishos/sailfish-browser/wiki/Sailfish-Browser-wiki

eval crashes the browser

pycage opened this issue

While working a lot with loading JavaScript modules dynamically, I noticed that the browser was prone to crash.
I was able to reduce the crash scenario to this minimal example, which almost certainly crashes
the browser every time:

<!DOCTYPE html>
<html>
<body>
    <script>
        for (let i = 0; i < 100000; ++i) eval("const a = 42;");
    </script>
</body>
</html>

Thank you for the report. We'll give it a look.

Here's a backtrace for the crash, running the nemo/45.9.1+git19 version of gecko-dev:

backtrace.txt

It looks like this crash may have been fixed by @adenexter's gecko-dev commit 72e2b943 (not in the current release build). I'm just double checking this now.

Apparently it's not quite as simple as just applying 72e2b943. However, applying that along with 9a33fc33 does seem to fix the issue.

I take back my previous comment. Commit 72e2b943 is indeed enough to address this. The following PR is enough to fix it for the next release: https://git.sailfishos.org/mer-core/gecko-dev/merge_requests/96

@pycage: thanks for your excellent report and finding a minimal example for triggering the bug. It's been a big help.

The changes for this have all been merged into gecko-dev master and the upgrade-3.3.0 branch, and will make it into the next release, so I'll close this now.

Thank you @llewelld 👍