211823 – Exception check for OOM is a bit too late in JSBigInt::exponentiate.

Bug 211823 - Exception check for OOM is a bit too late in JSBigInt::exponentiate.

Summary: Exception check for OOM is a bit too late in JSBigInt::exponentiate.

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	JavaScriptCore (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Robin Morisset

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2020-05-12 18:48 PDT by Robin Morisset
Modified:	2020-05-12 20:10 PDT (History)
CC List:	7 users (show)

See Also:

Attachments
Patch (3.59 KB, patch) 2020-05-12 18:52 PDT, Robin Morisset	no flags	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Robin Morisset 2020-05-12 18:48:30 PDT

10n**1000000n crashes instead of throwing an exception.
The cause is simple: we try to look at the result one line before verifying that the operation succeeded.
rdar://problem/63084376

Comment 1 Robin Morisset 2020-05-12 18:52:27 PDT

Created attachment 399222 [details]
Patch

Comment 2 Mark Lam 2020-05-12 18:55:57 PDT

Comment on attachment 399222 [details]
Patch

r=me

Comment 3 EWS 2020-05-12 20:09:54 PDT

Committed r261596: <https://trac.webkit.org/changeset/261596>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 399222 [details].

Comment 4 Radar WebKit Bug Importer 2020-05-12 20:10:18 PDT

<rdar://problem/63166523>