Bug 106325 - ArrayBuffer out of memory conditions not handled correctly?
Summary: ArrayBuffer out of memory conditions not handled correctly?
Status: UNCONFIRMED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: 528+ (Nightly build)
Hardware: All All
Importance: P2 Normal
Assignee: Nobody
Reported: 2013-01-08 07:54 PST by Ladislav Nevery
Modified: 2013-01-08 10:27 PST

Description Ladislav Nevery 2013-01-08 07:54:24 PST
ArrayBuffer and its typed buffer variants like Uint8Array etc.,
unlike normal Array, cause immediate crash or eat all process memory and neighbours' chickens too..

minimum reproduction steps:

as first noticed
on iOS 6.0.1 Safari: immediate crash

var a=[];
for (var i=0; i < 1024*1024; i++)
	a[i]=new ArrayBuffer(1024*1024);

on win7: current latest Safari 5.1.7

crashes if any page after such script is loaded and
window.location after such script didn't load page.

on win7 current latest Chrome 23.0.1271.97m allocates all process memory, in my case (2g), per window/process.
opening two such windows via javascript in my case freezes whole OS to a crawl due to swapping my 4g RAM on my laptop hdd.

didn't have time to check other platforms but seems like WebKit related allocator code.
I noticed it due to frequent crashes when working with web audio where buffers are in 1mb ranges or more but lazy gc seems to be keeping unused ones around, causing fast memory depletion and crashes.
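
An application-side mitigation for the pattern reported above, as an added example that is not part of the original report or of WebKit: a pool that caps total ArrayBuffer bytes and reuses released buffers instead of leaving them to the garbage collector. `BufferPool` and its method names are hypothetical, and the sketch assumes callers hand every buffer back through `release`.

```javascript
// Added example (not from the bug report): a bounded ArrayBuffer pool.
// BufferPool and its method names are hypothetical.
class BufferPool {
  constructor(maxBytes) {
    this.maxBytes = maxBytes;    // hard cap on bytes this pool will ever allocate
    this.liveBytes = 0;          // bytes allocated so far (handed out + idle)
    this.idle = new Map();       // byteLength -> stack of idle buffers
    this.owned = new WeakSet();  // buffers created by this pool
    this.parked = new WeakSet(); // buffers currently sitting in the idle map
  }

  // Returns an ArrayBuffer, or null when the budget or the engine refuses.
  acquire(byteLength) {
    if (!Number.isInteger(byteLength) || byteLength <= 0) {
      throw new RangeError('byteLength must be a positive integer');
    }
    const stack = this.idle.get(byteLength);
    if (stack && stack.length > 0) {
      const reused = stack.pop();
      this.parked.delete(reused);
      new Uint8Array(reused).fill(0); // do not expose the previous user's data
      return reused;
    }
    if (this.liveBytes + byteLength > this.maxBytes) return null;
    let fresh;
    try {
      fresh = new ArrayBuffer(byteLength);
    } catch (err) {
      if (err instanceof RangeError) return null; // engine reported allocation failure
      throw err;
    }
    this.owned.add(fresh);
    this.liveBytes += byteLength;
    return fresh;
  }

  // Hand a buffer back for reuse instead of waiting for the garbage collector.
  release(buf) {
    if (!this.owned.has(buf) || this.parked.has(buf)) {
      throw new Error('buffer is foreign or already released');
    }
    this.parked.add(buf);
    if (!this.idle.has(buf.byteLength)) this.idle.set(buf.byteLength, []);
    this.idle.get(buf.byteLength).push(buf);
  }
}
```

A buffer dropped without `release` still counts against the budget, so the cap errs toward refusing allocations rather than exceeding the limit.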