The Anarcat ha scritto:
Actually, this also crashes Mozilla/5.0 (X11; U; Linux i686; en-US;
rv:1.8.1.3) Gecko/20070310 Iceweasel/2.0.0.3 (Debian-2.0.0.3-1)
I would think that Firefox and most browsers implementing javascript
would die an horrible OOM death on this.
Actually, FF on Linux just slows down for a while... memory allocation
(RSS) for the process goes up untill it reaches ~800Mb, then I see an
"out of memory" error in FF's javascript console and then... nothing.
No crashes of any kind.
Kernel's OOMkiller didn't got involved.
Disk I/O skyrocketed - of course - beacuse the system started to swap
pretty soon (on a machine with 1Gb of physical memory).
It seems Firefox's JS engine is smart enough to catch the problem and
shut down the bad script before it's too late... to the point I was able
to browse normally after the tests, without any noticeable after-effect.
Also it seems that other people were doing their little experiments on
this issue before anyone of us:
http://datadriven.com.au/2007/02/07/javascript-recursion-experiment/
This guy also tested Opera, not just IE & FF: he was looking for OOM
problems in the variuos JS engines and for problems in detecting and
halting infinite recursions too. He reached the conclusion that Opera
seems to be the one reacting better to those two issues, although I
can't confirm (I just don't bother).
I found the link after 2 minutes, searching on Google (using the same FF
instance I "tested", by the way ;-) ).
Tested PoC on:
- Firefox/2.0.0.1
- Linux 2.6.18.2
- GNU libc 2.3.6
- GCC 3.4.4
--
SC
