Bug 6373

Summary: REGRESSION: JavaScript hang when comparing large array to null
Product: WebKit Reporter: mitz
Component: JavaScriptCore Assignee: Anders Carlsson <andersca>
Status: VERIFIED FIXED    
Severity: Critical CC: eric
Priority: P1 Keywords: InRadar
Version: 420+   
Hardware: Mac   
OS: OS X 10.4   
URL: http://www.theregister.com/2005/12/20/nec_lavie_yonah/
Attachments:
Description Flags
Fix mjs: review+

mitz
Reported 2006-01-04 07:00:35 PST
Safari hangs on the above URL. It turns out that it's looping over a huge array in a ToString operation, with element->isUndefinedOrNull() in array_object.cpp:467 returning true all the time. Rolling out the changes to operations.cpp from the patch for bug 6268 fixes the problem.
Attachments
Fix (6.17 KB, patch)
2006-01-07 02:25 PST, Anders Carlsson
mjs: review+
Alice Liu
Comment 1 2006-01-05 14:57:23 PST
Eric Seidel (no email)
Comment 2 2006-01-06 14:25:02 PST
*** Bug 6399 has been marked as a duplicate of this bug. ***
Anders Carlsson
Comment 3 2006-01-06 15:56:55 PST
I have a patch that fixes this
Anders Carlsson
Comment 4 2006-01-07 02:25:16 PST
Created attachment 5523: Fix

The problem was that my change to operations.cpp made checks against null convert objects to primitives, and converting a large sparse array to a string would simply hang the browser.
Maciej Stachowiak
Comment 5 2006-01-07 02:28:31 PST
Comment on attachment 5523: Fix

r=me
Joost de Valk (AlthA)
Comment 6 2006-01-22 04:57:18 PST
Removing keyword(s) since bug is fixed.
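The behavior described in comment 4, as an added example that is not part of the bug report or the attached WebKit patch: a JavaScript regression check showing that a loose comparison against null or undefined must not convert the array to a primitive, while a comparison against a string does, and that the string form of a sparse array grows with its length rather than with its stored elements. The helper names and array lengths are assumptions chosen for the demonstration.

```javascript
// Added illustration; helper names and sizes are assumptions, not WebKit code.

// Run a comparison against a sparse array whose conversion hooks count calls.
function probeConversions(compare) {
  const calls = { valueOf: 0, toString: 0 };
  const sparse = [];
  sparse.length = 4294967295; // maximum array length, zero stored elements
  // The hooks return immediately, so the probe stays cheap even when invoked.
  sparse.valueOf = () => { calls.valueOf++; return sparse; };
  sparse.toString = () => { calls.toString++; return ""; };
  return { result: compare(sparse), calls };
}

// Length of the default string form of an array holding only holes.
// Every hole is visited and emitted as an empty field, so the output
// (and the work) grows with length, not with the number of stored elements.
function holeStringLength(length) {
  const holes = [];
  holes.length = length;
  return String(holes).length;
}

function runChecks() {
  const vsNull = probeConversions((a) => a == null);
  const vsUndefined = probeConversions((a) => a == undefined);
  const vsString = probeConversions((a) => a == "");
  return {
    nullResult: vsNull.result,
    nullConversions: vsNull.calls.valueOf + vsNull.calls.toString,
    undefinedConversions: vsUndefined.calls.valueOf + vsUndefined.calls.toString,
    stringResult: vsString.result,
    stringConversions: vsString.calls.valueOf + vsString.calls.toString,
    holeStringLength: holeStringLength(100000),
  };
}

console.log(runChecks());
```

A nonzero conversion count for the null or undefined comparison is the signature of the regression: with the real `Array.prototype.toString` in place, that conversion is the loop over every hole that the report describes.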