| Summary: | [WebKit/JavaScriptCore] Assertion failed at Source/JavaScriptCore/runtime/JSArray.h:276 | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Suyoung Lee <sevendays37> |
| Component: | JavaScriptCore | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED INVALID | ||
| Severity: | Normal | CC: | ap, fpizlo |
| Priority: | P2 | ||
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
This test hits out of memory, so the process is intentionally terminated. |
The debug build of JavaScriptCore failed assertion at Source/JavaScriptCore/runtime/JSArray.h:276. PoC: var var_0 = []; for (var var_1 = 0; var_1 < 100000; ++var_1) var_0.push(new Array(var_1)); Commit: 6369975 OS: Ubuntu 18.04.1 LTS Arch: x86_64