196306 – [WebKit/JavaScriptCore] Assertion failed at Source/JavaScriptCore/runtime/JSArray.h:276

RESOLVED INVALID 196306

[WebKit/JavaScriptCore] Assertion failed at Source/JavaScriptCore/runtime/JSArray.h:276

https://bugs.webkit.org/show_bug.cgi?id=196306

Summary [WebKit/JavaScriptCore] Assertion failed at Source/JavaScriptCore/runtime/JSA...

Suyoung Lee

Reported 2019-03-27 11:11:58 PDT

The debug build of JavaScriptCore failed assertion at Source/JavaScriptCore/runtime/JSArray.h:276. PoC: var var_0 = []; for (var var_1 = 0; var_1 < 100000; ++var_1) var_0.push(new Array(var_1)); Commit: 6369975 OS: Ubuntu 18.04.1 LTS Arch: x86_64

Attachments
Add attachment proposed patch, testcase, etc.

Alexey Proskuryakov

Comment 1 2019-03-28 11:08:45 PDT

This test hits out of memory, so the process is intentionally terminated.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution INVALID

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component JavaScriptCore

Assignee

Nobody

Reported

2019-03-27 11:11 PDT

Modified

2019-03-28 11:08 PDT History

CC List

2 users Show

URL

Keywords

Depends on

Blocks