race condition causes system to use 100% of CPU Resources

[Zombie-Ryushu]

http://www.foreverymom.com/this-hilarious-mom-ranting-over-her-grocery-store-remodel-is-all-of-us/

This site triggers a Race condition that will make firefox and the plugin container use 100% of all possible CPU resources. Reverting to Netscape Flash resolves the issue. This is with Pepper Flash 23.0.0.213 and FreshPlayerPlugin 0.3.5

[Zombie-Ryushu]

[fresh] [error] [NP] caught Xlib error 2
[fresh] [error] [NP] caught Xlib error 2
[fresh] [error] [NP] caught Xlib error 4
[fresh] [error] [NP] caught Xlib error 4
[fresh] [error] [NP] caught Xlib error 9
[fresh] [error] [NP] caught Xlib error 9
[fresh] [error] [NP] caught Xlib error 171
[fresh] [error] [NP] caught Xlib error 171
[fresh] [error] ppb_graphics3d_create, glXMakeCurrent failed
[fresh] [error] ppb_graphics3d_create, glXMakeCurrent failed
[fresh] [error] [NP] caught Xlib error 2
[fresh] [error] [NP] caught Xlib error 2
[fresh] [error] [NP] caught Xlib error 4
[fresh] [error] [NP] caught Xlib error 4
[fresh] [error] [NP] caught Xlib error 9
[fresh] [error] [NP] caught Xlib error 9
[fresh] [error] [NP] caught Xlib error 171
[fresh] [error] [NP] caught Xlib error 171
[fresh] [error] ppb_graphics3d_create, glXMakeCurrent failed
[fresh] [error] ppb_graphics3d_create, glXMakeCurrent failed

Make sure you have Adblock disabled before trying this. Adblock will stop the Flash ad that creates the problem.

[Zombie-Ryushu]

This does not effect Chromium.

[i-rinat]

Today I realized that first time I tried to open that site, Firefox had a tracking protection activated, which blocked most parts of the page.

Now I can see the page content. It makes a noticable CPU load, but plugin-container process is barely visible in top output. In other words, I can't reproduce the bug.

[i-rinat]

[fresh] [error] ppb_graphics3d_create, glXMakeCurrent failed

High CPU load may be a consequence of failed 3d context creation. PepperFlash switches to PPB_Graphics2D, which implementation in freshplayerplugin is quite CPU-intensive. As for NPAPI Flash, it could be that VDPAU is used for scaling, lowering CPU usage.

[Zombie-Ryushu]

I think there is malicious flash coding in that site, and the malicious coding is creating the issue. I think that in some instances, malicious code may cause the high CPU usage. There need to be protections against that.

[i-rinat]

malicious code may cause the high CPU usage. There need to be protections against that.

There is a inherent property of NPAPI — synchronous Javascript queries in both directions, from browser to a plugin and from plugin to a browser. And that property makes it impossible to make any protection against eating CPU. Say, some Flash movie makes a long calculations in its main thread. If browser tries to make a query, it will wait until plugin's main thread will process it. Since that never happen, browser thread stalls. And as Firefox uses the same set of threads to draw all tabs and its interface, whole browser freezes.

To make such protection, browser part of interface needs to be changed in non-compatible way. Which was kind of made in PPAPI in Chromium. In PPAPI almost every call is asynchronous, so such freezes are extremely unlikely.

Firefox have some sort of protection — timeouts. By default, if plugin fails to respond in 60 seconds, plugin host process is terminated.