Bug 294991
| Summary: | functionGenerateHeapSnapshot should expect an OOM exception in JSONParse | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Vassili Bykov <v_bykov> |
| Component: | New Bugs | Assignee: | Vassili Bykov <v_bykov> |
| Status: | RESOLVED FIXED | ||
| Severity: | Normal | CC: | webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Vassili Bykov
functionGenerateHeapSnapshot uses HeapSnapshotBuilder to generate a snapshot as a json string. After producing the string, it checks for an out of memory condition (.hasOverflowed()) and throws an exception if that is the case. Then it proceeds to parse the json string into an object. The parsing can itself throw an out of memory exception. However, the function does not expect that and instead includes a release assert for no exception, which will cause a hard crash if OOM is thrown while parsing. This was observed to happen in an ASAN build.
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Vassili Bykov
rdar://150692273
Vassili Bykov
Pull request: https://github.com/WebKit/WebKit/pull/47205
EWS
Committed 296739@main (6b0c69655756): <https://commits.webkit.org/296739@main>
Reviewed commits have been landed. Closing PR #47205 and removing active labels.