163996 – String.prototype.replace() should throw an OutOfMemoryError when using too much memory.

Bug 163996 - String.prototype.replace() should throw an OutOfMemoryError when using too much memory.

Summary: String.prototype.replace() should throw an OutOfMemoryError when using too mu...

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	JavaScriptCore (show other bugs)
Version:	WebKit Local Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Mark Lam

URL:
Keywords:	InRadar

Depends on:	164125
Blocks:
	Show dependency tree / graph

Reported:	2016-10-25 16:57 PDT by Mark Lam
Modified:	2016-10-28 06:20 PDT (History)
CC List:	13 users (show)

See Also:

Attachments
proposed patch. (11.92 KB, patch) 2016-10-25 17:07 PDT, Mark Lam	no flags	Details \| Formatted Diff \| Diff
proposed patch. (12.23 KB, patch) 2016-10-25 17:25 PDT, Mark Lam	ggaren: review+	Details \| Formatted Diff \| Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Mark Lam 2016-10-25 16:57:04 PDT

Currently, it just crashes with an allocation failure, which is correct behavior but not too friendly.

Comment 1 Mark Lam 2016-10-25 16:58:12 PDT

<rdar://problem/28263117>

Comment 2 Mark Lam 2016-10-25 17:07:26 PDT

Created attachment 292852 [details]
proposed patch.

Comment 3 Geoffrey Garen 2016-10-25 17:17:51 PDT

Comment on attachment 292852 [details]
proposed patch.

View in context: https://bugs.webkit.org/attachment.cgi?id=292852&action=review

> Source/JavaScriptCore/runtime/StringPrototype.cpp:462
> +            THROW_AND_RETURN_IF_FAIL(exec, scope, sourceRanges.tryConstructAndAppend(lastIndex, result.start - lastIndex));

I don't really like this idiom because it buries the real code inside the error handling macro.

How about this:

if (!sourceRanges.tryConstructAndAppend(lastIndex, result.start - lastIndex))
    OUT_OF_MEMORY(exec, scope);

Comment 4 Mark Lam 2016-10-25 17:19:06 PDT

(In reply to comment #3)
> Comment on attachment 292852 [details]
> proposed patch.
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=292852&action=review
> 
> > Source/JavaScriptCore/runtime/StringPrototype.cpp:462
> > +            THROW_AND_RETURN_IF_FAIL(exec, scope, sourceRanges.tryConstructAndAppend(lastIndex, result.start - lastIndex));
> 
> I don't really like this idiom because it buries the real code inside the
> error handling macro.
> 
> How about this:
> 
> if (!sourceRanges.tryConstructAndAppend(lastIndex, result.start - lastIndex))
>     OUT_OF_MEMORY(exec, scope);

Sure.  I'll make the change.

Comment 5 Mark Lam 2016-10-25 17:25:38 PDT

Created attachment 292853 [details]
proposed patch.

Comment 6 Geoffrey Garen 2016-10-25 17:32:54 PDT

Comment on attachment 292853 [details]
proposed patch.

r=me

Comment 7 Mark Lam 2016-10-25 18:19:17 PDT

Thanks for the review.  Landed in r207861: <http://trac.webkit.org/r207861>.