211823 – Exception check for OOM is a bit too late in JSBigInt::exponentiate.

RESOLVED FIXED 211823

Exception check for OOM is a bit too late in JSBigInt::exponentiate.

https://bugs.webkit.org/show_bug.cgi?id=211823

Summary Exception check for OOM is a bit too late in JSBigInt::exponentiate.

Robin Morisset

Reported 2020-05-12 18:48:30 PDT

10n**1000000n crashes instead of throwing an exception. The cause is simple: we try to look at the result one line before verifying that the operation succeeded. rdar://problem/63084376

Attachments
Patch (3.59 KB, patch) 2020-05-12 18:52 PDT, Robin Morisset	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Robin Morisset

Comment 1 2020-05-12 18:52:27 PDT

Created attachment 399222 [details] Patch

Mark Lam

Comment 2 2020-05-12 18:55:57 PDT

Comment on attachment 399222 [details] Patch r=me

EWS

Comment 3 2020-05-12 20:09:54 PDT

Committed r261596: <https://trac.webkit.org/changeset/261596> All reviewed patches have been landed. Closing bug and clearing flags on attachment 399222 [details].

Radar WebKit Bug Importer

Comment 4 2020-05-12 20:10:18 PDT

<rdar://problem/63166523>

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component JavaScriptCore

Assignee

Robin Morisset

Reported

2020-05-12 18:48 PDT

Modified

2020-05-12 20:10 PDT History

CC List

7 users Show

URL

Keywords InRadar

Depends on

Blocks