Bug 138226

Summary:

XSSAuditor memory leak when posting large form

Product:

WebKit

Reporter:

Mohamed Fakhreddine <mofakhre>

Component:

WebCore Misc.

Assignee:

Nobody <webkit-unassigned>

Status:

RESOLVED WONTFIX

Severity:

Normal

CC:

bfulgham, dbates

Priority:

Keywords:

Performance

Version:

528+ (Nightly build)

Hardware:

iPhone / iPad

OS:

iOS 7.0

Attachments:

Description	Flags
HTML file that causes Mobile Safari to crash.	none

Mohamed Fakhreddine

Reported 2014-10-30 13:17:47 PDT

Created attachment 240690 [details] HTML file that causes Mobile Safari to crash. Submitting certain forms to any endpoint that returns any response will cause XSSAuditor and JavaScriptCore to allocate hundreds of MB in memory until the process crashes, even when the form is just 6 MB in size. Attached is a sample message. Change the form target to anything that returns any response, or return a dummy response in Fiddler. Profiling in instruments shows thousands of allocations of 528 Bytes by: WTF::MallocHook::recordAllocation WTF::fastMalloc WebCore::SuffixTree WebCore::XSSAuditor WebCore::HTMLDocumentParser ... I can send the trace if requested (it seems I'm only allowed one attachment here).

Attachments
HTML file that causes Mobile Safari to crash. (3.63 MB, text/html) 2014-10-30 13:17 PDT, Mohamed Fakhreddine	no flags	Details
View All Add attachment proposed patch, testcase, etc.

Brent Fulgham

Comment 1 2021-09-21 14:29:37 PDT

The XSS Auditor is removed in Bug 230499.

Note You need to log in before you can comment on or make changes to this bug.