Full Disclosure mailing list archives
innerHTML allocation size overflow crashes some browsers
From: Susam Pal <susam.pal () gmail com>
Date: Tue, 19 Jul 2011 23:36:57 +0530
If we try to consume more memory than available by constructing a long string, most browsers seem to handle this gracefully. For example, Firefox logs an "allocation size overflow" error in the JavaScript console for the following code:

    var a = 'a'
    for (var i = 0; i < 100; i++) {
        a += a
    }

Example web page: http://susam.in/lab/allocation-size-overflow/var/

However, if we try to do a similar thing with the innerHTML property of an HTML element, some browsers crash. For me, Firefox 5.0 on Windows XP crashed for the following code but Iceweasel 6.0 on Debian (Wheezy) and Chrome 13 on Windows as well as Chrome 12 on Debian didn't. For some of my friends, Chrome crashed but Firefox didn't.

    var a = document.getElementById('foo')
    // There is a div element with id="foo" present in the page.
    for (i = 0; i < 100; i++) {
        a.innerHTML += a.innerHTML;
    }

Example web page: http://susam.in/lab/allocation-size-overflow/innerhtml/ (This might crash your browser.)

Susam Pal
http://blog.susam.in/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
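Added example, not part of the original post: the string-doubling loop from the first snippet, wrapped so that it records where the engine refuses to grow the string (the graceful case the post describes) or stops early at a caller-set size cap. The names `doubleUntilRefused` and `maxChars` are made up for this sketch; it touches only a plain string, not the DOM.

```javascript
// Added example: the post's `a += a` loop, instrumented.
// It stops when (1) all rounds finish, (2) the next doubling would exceed
// maxChars, or (3) the engine throws instead of allocating.
function doubleUntilRefused(rounds, maxChars = Infinity) {
  let s = 'a';
  let completed = 0;
  let reason = 'done';
  let error = null;

  for (let i = 0; i < rounds; i++) {
    // Check the projected size before doing the work: each round doubles
    // the length, so after n rounds the string is 2^n characters long.
    if (s.length * 2 > maxChars) {
      reason = 'cap';
      break;
    }
    try {
      s += s; // same operation as the loop body in the post
      completed++;
    } catch (e) {
      // Firefox reports "allocation size overflow" (per the post);
      // V8 (Chrome, Node.js) throws RangeError "Invalid string length".
      reason = 'engine';
      error = { name: e.name, message: e.message };
      break;
    }
  }

  return {
    completed,               // doublings that succeeded
    length: s.length,        // always 2^completed
    requested: 2 ** rounds,  // length the full loop would need
    reason,
    error,
  };
}

// 100 rounds would need 2^100 characters, so the engine must refuse first.
console.log(doubleUntilRefused(100));
// With a 1 Mi-character cap the loop stops itself after 20 doublings.
console.log(doubleUntilRefused(100, 1 << 20));
```

The `reason: 'engine'` result is the catchable failure seen with plain strings; the post's report is that the same growth through `innerHTML` did not always end in a catchable error.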