When generating bytecode into ByteCodeGenerator, we aren't considering cases where we doesn't have memory for constants like String. The same is true for BigInt, but we could throw OOM instead of use RELEASE_ASSERT in such cases. Here is a sample of program that crashes due to OOM. ``` var longStr = "f"; for (var i = 0; i < 30; ++i) longStr = longStr + longStr; let sub = longStr.substring(0, longStr.length - 4) let mscript = "0x" + longStr + sub + "n"; eval(mscript); ```
Created attachment 387982 [details] Patch
rdar://problem/58160800
Comment on attachment 387982 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=387982&action=review r=me > Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp:125 > + return generator.emitThrowExpressionTooDeepException(); It's hokey that we use "ExpressionTooDeepException" to mean OutOfMemoryError. Maybe we should change this later (in another patch) especially now that we're using in a case that has nothing to do with recursing into nested expressions.
Comment on attachment 387982 [details] Patch Clearing flags on attachment: 387982 Committed r254738: <https://trac.webkit.org/changeset/254738>
All reviewed patches have been landed. Closing bug.
<rdar://problem/58673144>