w3m consumes all memory and crashes computer

Bug #619500 reported by Tom Eastman
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
w3m (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

Binary package hint: w3m

I'm not sure what program is using it, but some background process is causing w3m to make dumps of all html files in my home directory (perhaps an indexer or something?)

Unfortunately, I have an unpacked copy of the firefox source in there, and it includes this file:

firefox-3.6.6+nobinonly/build-tree/mozilla/layout/html/tests/table/bugs/bug141818.html

...which looks like this:

############################
<html>
<body>

<table class="DataBg" border="0" cellpadding="0" cellspacing="1" >

 <td align="center" class="DataHeader" width="2"
rowspan="9999999">&nbsp;</td>
    <td align="center" class="DataHeader" colspan="3"><div
class="margin3">Allocation Probability (%)</div></td>
  </tr>
</table>

</body>
</html>
#####################################

When w3m tries to open this file, it quickly exhausts all available memory and starts swapping massively, causing the machine to slow down so much sometimes a hard reboot is the only escape.

So this is really *two* bugs. The first one is that w3m can't open the file without dire consequences, and the second is that whatever is *using* w3m to index random files in my home directory is causing my entire computer to crash because of a certain file in there. I think this might count as a security vulnerability, because it's certainly a simple denial of service. The file just has to sit there.

Sorry I don't know what program is running w3m, maybe tracker-indexer? or maybe evolution-data-server?

So I think two things would need to be fixed:

 1. w3m, obviously
 2. Shouldn't there be some kind of resource limit on programs that are used to help do indexing? To stop this kind of thing happening in the future?

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: w3m 0.5.2-2.1ubuntu1.1
ProcVersionSignature: Ubuntu 2.6.32-24.39-generic 2.6.32.15+drm33.5
Uname: Linux 2.6.32-24-generic x86_64
NonfreeKernelModules: fglrx
Architecture: amd64
Date: Wed Aug 18 09:58:28 2010
InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release amd64 (20100427.1)
ProcEnviron:
 PATH=(cususername, user)
 LANG=en_NZ.UTF-8
 SHELL=/bin/bash
SourcePackage: w3m

Revision history for this message
Tom Eastman (tveastman) wrote :
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.

security vulnerability: yes → no
visibility: private → public
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package w3m - 0.5.2-10

---------------
w3m (0.5.2-10) unstable; urgency=low

  * debian/patches/010_upstream.patch: Sync with the upstream development
    snapshot on 2010-10-11.
    - Better non-ascii handling. (closes: #138891, #313365)
    - Introduce mailto_options. (closes: #473780)
    - All elements have the id attribute. (closes: #573789)
    - Define ATTR_ROWSPAN_MAX to check rowspan. (LP: #131993, LP: #619500)
    - Update the man page. (closes: #595534)
    - Add a FILES section to the man page. (closes: #403634)
    - Mention the -I option in the man page. (closes: #398260, #530515)
  * debian/patches/020_button.patch: Patch from upstream to support the
    button element. It is discussed upstream and incomplete, but enough to
    login Launchpad. (LP: #628755, closes: #136810)
  * debian/patches/040_maximum-cols.patch: Removed. (merged upstream)
  * debian/control, debian/rules: Use autotools-dev (>= 20100122) to update
    config.guess and config.sub.
  * debian/patches/020_config-guess.patch: Removed.
 -- Ubuntu Archive Auto-Sync <email address hidden> Sun, 17 Oct 2010 01:21:14 +0000

Changed in w3m (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers