Bug 49900

Summary: [chromium] ArrayBuffer size check missing - easy OOM
Product: WebKit
Reporter: Berend-Jan Wever <skylined>
Component: WebGL
Assignee: Kenneth Russell <kbr>
Status: RESOLVED WONTFIX
Severity: Normal
CC: eric, kbr, schenney
Priority: P1
Version: 528+ (Nightly build)
Hardware: PC
OS: Windows Vista

Description Berend-Jan Wever 2010-11-22 03:07:15 PST
Repro:
new ArrayBuffer(0x7FFFFFFF);
Instant OOM. It may be wise to add a check for this to increase stability.
Comment 1 Berend-Jan Wever 2011-01-10 03:25:02 PST
Chromium bug: http://code.google.com/p/chromium/issues/detail?id=42342
The Chromium bug contains a discussion that may be of interest when fixing this.

Variations:
new Uint32Array(0x3FFFFFFF)
new Int32Array(0x3FFFFFFF)
new Float32Array(0x3FFFFFFF)
new Uint16Array(0x3FFFFFFF)
new Int16Array(0x3FFFFFFF)
new Uint8Array(0x3FFFFFFF)
new Int8Array(0x3FFFFFFF)
new ArrayBuffer(0x3FFFFFFF)
Comment 2 Kenneth Russell 2011-01-10 10:47:28 PST
To be clear, this crash is only occurring on the Chromium port because of our OOM killer. WebKit behaves correctly; the tryFastMalloc primitive is used to initialize these array instances.
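The size check the reporter asks for and the fallible-allocation behaviour Comment 2 describes, as an added C example written for this page (not WebKit or Chromium code): the byte length is computed with an overflow check, requests above a policy cap are refused, and an allocator returning NULL becomes an error result instead of a crash. The function names, status codes and the cap value are assumptions.

```c
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

/* Result of a guarded allocation (hypothetical API, not WebKit's). */
typedef enum {
    ALLOC_OK = 0,
    ALLOC_OVERFLOW,   /* count * element_size does not fit a 32-bit byte length */
    ALLOC_OVER_LIMIT, /* byte length exceeds the policy cap */
    ALLOC_FAILED      /* allocator returned NULL: report it, do not abort */
} alloc_status;

/* Byte length of `count` elements of `element_size` bytes, refusing
 * multiplication overflow. Returns 1 and writes *out on success. */
static int checked_byte_length(uint32_t count, uint32_t element_size, uint32_t *out) {
    if (element_size == 0 || count > UINT32_MAX / element_size) return 0;
    *out = count * element_size;
    return 1;
}

/* Try to allocate a zero-filled buffer, never aborting. `max_bytes` is a
 * policy cap chosen by the embedder. On ALLOC_OK the caller owns *out. */
static alloc_status try_allocate_array_buffer(uint32_t count, uint32_t element_size,
                                              uint32_t max_bytes, void **out) {
    uint32_t byte_length;
    *out = NULL;
    if (!checked_byte_length(count, element_size, &byte_length)) return ALLOC_OVERFLOW;
    if (byte_length > max_bytes) return ALLOC_OVER_LIMIT;
    void *p = calloc(byte_length ? byte_length : 1, 1); /* tryFastMalloc-style: NULL on failure */
    if (p == NULL) return ALLOC_FAILED;
    *out = p;
    return ALLOC_OK;
}

/* Convenience probe: allocate, release, and report only the status. */
static alloc_status allocation_status(uint32_t count, uint32_t element_size, uint32_t max_bytes) {
    void *p;
    alloc_status s = try_allocate_array_buffer(count, element_size, max_bytes, &p);
    free(p);
    return s;
}

int main(void) {
    /* The report's repro and one of its typed-array variations, under a constructed 1 GiB cap. */
    printf("ArrayBuffer(0x7FFFFFFF): status %d\n", allocation_status(0x7FFFFFFF, 1, 1u << 30));
    printf("Float64Array(0x3FFFFFFF): status %d\n", allocation_status(0x3FFFFFFF, 8, 1u << 30));
    return 0;
}
```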