Open Bug 1719911 Opened 3 years ago Updated 2 years ago

Crash in [@ ToNewUnicode] or [@ mozilla::ipc::PortLink::SendMessage | IPC_Message_Name=PWebRenderBridge::Msg_SetDisplayList ] pasting >250 MB large string into quick filter, even with 64-bit build

Categories

(Thunderbird :: Search, defect)

x86_64
Windows 10
defect

Tracking

(Not tracked)

People

(Reporter: efchatzoglou, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: crash)

Crash Data

Crash report: https://crash-stats.mozilla.org/report/index/cd7c9e2e-ad7f-4475-9586-793150210709

MOZ_CRASH Reason: MOZ_CRASH(Unable to allocate memory)

Top 10 frames of crashing thread:

0 xul.dll ToNewUnicode xpcom/string/nsReadableUtils.cpp:124
1 xul.dll static nsClipboard::FindUnicodeFromPlainText widget/windows/nsClipboard.cpp:834
2 xul.dll static nsClipboard::GetDataFromDataObject widget/windows/nsClipboard.cpp:648
3 xul.dll nsClipboard::GetNativeClipboardData widget/windows/nsClipboard.cpp:1012
4 xul.dll nsBaseClipboard::GetData widget/nsBaseClipboard.cpp:74
5 xul.dll mozilla::TextEditor::PasteAsAction editor/libeditor/TextEditorDataTransfer.cpp:631
6 xul.dll mozilla::PasteCommand::DoCommand const editor/libeditor/EditorCommands.cpp:467
7 xul.dll mozilla::EditorCommand::DoCommand editor/libeditor/EditorCommands.cpp:65
8 xul.dll nsBaseCommandController::DoCommand dom/commandhandler/nsBaseCommandController.cpp:114
9 xul.dll NS_InvokeByIndex 

To replicate:

  1. Copy a huge string, i.e., bigger than 250 MB.
  2. Paste that string into the input in the second search field, with the placeholder that states "Filter these messages <Ctrl+Shift+K>"
  3. App should crash

I have not tested on other platforms.

TCW can you reproduce?

Flags: needinfo?(thee.chicago.wolf)
Keywords: crash
Summary: Crash in [@ ToNewUnicode] → Crash in [@ ToNewUnicode] pasting large string into quick filter

(In reply to Wayne Mery (:wsmwk) from comment #1)

> TCW can you reproduce?

I'll have to say yes. Having a tough time understanding the STR. Still, I copied a 211MB text string into the search field and TB just shut down without a crash. I will say there is no hard limit on the amount of input a search field will accept which seems to lead to a DoS / OOM crash so maybe a hard limit on the amount of input the search input field can accept is probably a wise thing to do.

Flags: needinfo?(thee.chicago.wolf)
Version: unspecified → 78
Severity: -- → S3
Summary: Crash in [@ ToNewUnicode] pasting large string into quick filter → Crash in [@ ToNewUnicode] pasting >250 MB large string into quick filter

Arthur, thanks for testing, and confirming the crash. Was that using 32bit Thunderbird or 64? And do you recall which version?

Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: needinfo?(thee.chicago.wolf)

(In reply to Wayne Mery (:wsmwk) from comment #3)

> Arthur, thanks for testing, and confirming the crash. Was that using 32bit Thunderbird or 64? And do you recall which version?

64-bit. Right off the top of my head I don't remember exactly what version it was. Comment 2 was from 2021-07-14 @ 07:19:53 PDT so most likely it would have been 90.0b3.

Flags: needinfo?(thee.chicago.wolf)
Summary: Crash in [@ ToNewUnicode] pasting >250 MB large string into quick filter → Crash in [@ ToNewUnicode] pasting >250 MB large string into quick filter, even with 64-bit build

I wanted to see if this was any better using 107.0b4 and I was still able to crash TB / search by pasting a 210MB text string into it: https://crash-stats.mozilla.org/report/index/f1e19353-881c-437c-a1a0-3ae540221113

Not a coder here but recalling my two semesters of having taken Java (a la pseudo-code). Is it possible to design something in TB that works with the invocation of the search field part and monitors the state of the OS clipboard and has some ceiling value set that says:

if (clipboardSize <= 10MB)
    allowPasteClipboardContents(searchField);
else
    print.someTextWarning("Size of clipboard data is too large for the search field. Please reduce your copied text and try again");

Just thinking out loud here. Probably not a lot of folks hitting this but if disallowing them to even be able to do this is an option, maybe that's a simple fix?
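
An added example, not part of the thread and not Thunderbird or Gecko code: one way to express the ceiling suggested above in C++. The crashing frame is `ToNewUnicode` under the clipboard read, so the size check has to come before the widening allocation, and the allocation is made fallible so a failure becomes an error result. All names are hypothetical, the 10 MB limit is the figure from the comment, and the input is treated as Latin-1 for simplicity.

```cpp
// Added illustration; not Thunderbird or Gecko code. All names are hypothetical.
#include <cstddef>
#include <cstdint>
#include <memory>
#include <new>
#include <string>
#include <utility>

enum class PasteResult { Ok, TooLarge, OutOfMemory };

// Ceiling taken from the 10 MB figure suggested in the comment.
constexpr std::size_t kMaxPasteBytes = 10u * 1024u * 1024u;

struct WideText {
  std::unique_ptr<char16_t[]> data;
  std::size_t length = 0;
};

// Widen single-byte clipboard text (assumed Latin-1) to UTF-16 code units.
// The size is checked before any allocation, and the allocation is fallible,
// so an oversized or unsatisfiable request yields an error code, not an abort.
PasteResult WidenClipboardText(const char* src, std::size_t srcLen, WideText& out,
                               std::size_t maxBytes = kMaxPasteBytes) {
  if (srcLen > maxBytes) return PasteResult::TooLarge;
  // Guard the (srcLen + 1) * sizeof(char16_t) size computation against wrap.
  if (srcLen >= SIZE_MAX / sizeof(char16_t)) return PasteResult::TooLarge;
  std::unique_ptr<char16_t[]> buf(new (std::nothrow) char16_t[srcLen + 1]);
  if (!buf) return PasteResult::OutOfMemory;
  for (std::size_t i = 0; i < srcLen; ++i) {
    buf[i] = static_cast<unsigned char>(src[i]);  // Latin-1 byte == code point
  }
  buf[srcLen] = u'\0';
  out.data = std::move(buf);
  out.length = srcLen;
  return PasteResult::Ok;
}

// Paste handler for the field: returns the warning to show, or "" on success.
// On failure the field's existing contents are left untouched.
std::string HandlePaste(const std::string& clipboard, WideText& field) {
  switch (WidenClipboardText(clipboard.data(), clipboard.size(), field)) {
    case PasteResult::Ok: return "";
    case PasteResult::TooLarge:
      return "Size of clipboard data is too large for the search field.";
    case PasteResult::OutOfMemory:
      return "Not enough memory to paste the clipboard contents.";
  }
  return "";
}
```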

Thanks for the updated info

Crash Signature: [@ ToNewUnicode] → [@ ToNewUnicode] [@ mozilla::ipc::PortLink::SendMessage | IPC_Message_Name=PWebRenderBridge::Msg_SetDisplayList ]

(In reply to Wayne Mery (:wsmwk) from comment #7)

> Thanks for the updated info

NP. Does bug title need to be updated to include @ mozilla::ipc::PortLink::SendMessage | IPC_Message_Name=PWebRenderBridge::Msg_SetDisplayList for easier search results?

Summary: Crash in [@ ToNewUnicode] pasting >250 MB large string into quick filter, even with 64-bit build → Crash in [@ ToNewUnicode] or [@ mozilla::ipc::PortLink::SendMessage | IPC_Message_Name=PWebRenderBridge::Msg_SetDisplayList ] pasting >250 MB large string into quick filter, even with 64-bit build