VERIFIED FIXED 6373
REGRESSION: JavaScript hang when comparing large array to null 
https://bugs.webkit.org/show_bug.cgi?id=6373
Summary REGRESSION: JavaScript hang when comparing large array to null
mitz
Reported 2006-01-04 07:00:35 PST
Safari hangs on the above URL. It turns out that it's looping over a huge array in a ToString operation, with element->isUndefinedOrNull() in array_object.cpp:467 returning true all the time. Rolling out the changes to operations.cpp from the patch for bug 6268 fixes the problem.
Attachments
Fix (6.17 KB, patch)
2006-01-07 02:25 PST, Anders Carlsson 		mjs: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Alice Liu
Comment 1 2006-01-05 14:57:23 PST
<rdar://problem/4400333>
Eric Seidel (no email)
Comment 2 2006-01-06 14:25:02 PST
*** Bug 6399 has been marked as a duplicate of this bug. ***
Anders Carlsson
Comment 3 2006-01-06 15:56:55 PST
I have a patch that fixes this
Anders Carlsson
Comment 4 2006-01-07 02:25:16 PST
Created attachment 5523 [details] Fix The problem was that my change to operations.cpp made checks against null convert objects to primitives, and converting a large sparse array to a string would simply hang the browser.
Maciej Stachowiak
Comment 5 2006-01-07 02:28:31 PST
Comment on attachment 5523 [details] Fix r=me
Joost de Valk (AlthA)
Comment 6 2006-01-22 04:57:18 PST
Removing keyword(s) since bug is fixed.
Note You need to log in before you can comment on or make changes to this bug.