MantisBT - NetSurf | |||||
| View Issue Details | |||||
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0002874 | NetSurf | Javascript | public | 2024-05-28 14:02 | 2024-05-28 14:02 |
| Reporter | Felix Albrigtsen | ||||
|---|---|---|---|---|---|
| Assigned To | |||||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | new | Resolution | open | ||
| Platform | GTK | OS | Linux | OS Version | Debian 13 Trixie |
| Product Version | 3.11 | ||||
| Target Version | Fixed in Version | ||||
| Fixed in CI build # | |||||
| Reported in CI build # | |||||
| URL of problem page | |||||
| Summary | 0002874: Extreme resource use allowed in JavaScript | ||||
| Description | When NetSurf opens the HTML file shown below, it consumes 100% of a CPU core and at least 30 GB of memory, with no safeguards, meaning it will continue consuming memory until it is eventually done, or the system's OOM killer stops NetSurf or kills another process. The root of this issue might be in the Duktape JavaScript engine itself, and be out of scope here? However, it seems to me to be two-parted, both that the “normalize()”-function is very inefficient on this type of input, but also that neither NetSurf nor Duktape have any limits for duration or memory usage of a function like this. The specific example shown here uses a complex series of left and right angle brackets to confuse the normalize-function, but I find it surprising that such a short HTML file can make the OOM killer take down my entire window manager. | ||||
| Steps To Reproduce | - Build/Install NetSurf 3.11, for example from the Debian 13 repositories (`# apt install netsurf-gtk`) - Enable Javascript in Preferences - Open a page with some resource intensive JavaScript (For example, with the file ./normalize.html, run `$ netsurf-gtk file://$(pwd)/normalize.html`) For example this HTML file: <html> <head> <style> ><<>><><<>><>><<<<>><><><<>>>><<<<>><<><<>>><<><>>><>><<><<>><<>><<<<<<>>><>><><><><<>><><<<<>><>>><><><<><>>><><><><>><<<<>>>><>><><<<<<><><<<>>>>>>>>>><>>><<<<<<<<<<>>>>><><<<>>><>>>>>><>><<<<><<><>><<>><><<<>>>>>>>><<<>>>><<><<<<<><><><>><>><<<>><<<><><<<>>>>><><<>>>><>>><<<<<<<<>>><<<>>>><>>>>>><><>><><>><><>>>>><<>><<>>>><<>><><<>><><<><<>><><<<>>><<><><<<><>><<><<>><><<<<<<<<<<>><>><><<>>><> </style> </head> <body> <script> document.head.normalize() </script> </body> </html> | ||||
| Additional Information | Tested with NetSurf 3.11 on Debian(testing) and NixOS (unstable). Requires JavaScript to be enabled. I have not tested any other platforms. | ||||
| Tags | No tags attached. | ||||
| Relationships | |||||
| Attached Files | |||||
| There are no notes attached to this issue. |
| Issue History | |||||
| Date Modified | Username | Field | Change | ||
|---|---|---|---|---|---|
| 2024-05-28 14:02 | Felix Albrigtsen | New Issue | |||