Bug 90028

Summary:	There is not an exit to escape out of the recursive call written wrong (freeze on bonds.finam.ru)
Product:	WebKit	Reporter:	Hojong Han <hojong.han>
Component:	JavaScriptCore	Assignee:	Nobody <webkit-unassigned>
Status:	UNCONFIRMED
Severity:	Major	CC:	ap, barraclough, ggaren, oliver, thenarant
Priority:	P1	Keywords:	NeedsReduction
Version:	528+ (Nightly build)
Hardware:	All
OS:	All

Hojong Han

Reported 2012-06-26 17:25:26 PDT

Webkit is locked up while loading "http://bonds.finam.ru/issue/info". What I've analyzed is that "http://bonds.finam.ru/scripts/lizard/library/base.js" causes sort of recursive call. Take a look into script codes below. ====================================================================================== Object.prototype.toString = Array.prototype.toString = Object.prototype.ToString = Array.prototype.ToString = function() { var cont = []; for (var k in this) { if (cont.length) cont[cont.length-1] += ","; var v = this[k]; var vs = ''; if (typeof(v) != 'undefined') { if (v != null) { if (typeof(v.constructor) != 'undefined') { try{ if (v.constructor == String) { s = v.split('\\').join('\\\\').split('"').join('\\"'); vs = '"'+s + '"'; } else { vs = v.toString(); } } catch(err) { } ... skip ... } ====================================================================================== Chrome, FireFox, some other browsers are not frozen while loading "http://bonds.finam.ru/issue/info". Is there any other way to detour this kind of problem?

Attachments
Add attachment proposed patch, testcase, etc.

Gavin Barraclough

Comment 1 2012-06-28 14:08:00 PDT

We used to support a timeout mechanism, but with WebKit2 we instead rely on the UI process shooting down the web process if it runs off out of control. It would be nice to have an efficient (non-polling) mechanism to be able to asynchronously interrupt execution. These bugs are related: https://bugs.webkit.org/show_bug.cgi?id=12637 https://bugs.webkit.org/show_bug.cgi?id=41765 The timeout mechanism may still work in the old JIT & classic interpreter, but probably won't be around for long. Mark Lam may be looking at an efficient mechanism to break out of JIT code based around DFG JIT speculation watchpoint, at some point in the near future. cheers, G.

Alexey Proskuryakov

Comment 2 2012-06-29 00:39:40 PDT

Reproduced with Safari 5.1.7. The freeze itself needs to be looked into, as well - this is a fairly important site. What makes us freeze while other browsers do not?

Gavin Barraclough

Comment 3 2012-06-29 10:55:54 PDT

Oh, sorry, maybe I misunderstood the problem – I read it as other browsers timing out & assumed a content issue, but re-reading I see that may not be the case.

Note You need to log in before you can comment on or make changes to this bug.