RESOLVED FIXED294991
functionGenerateHeapSnapshot should expect an OOM exception in JSONParse 
https://bugs.webkit.org/show_bug.cgi?id=294991
Summary functionGenerateHeapSnapshot should expect an OOM exception in JSONParse
Vassili Bykov
Reported 2025-06-25 12:32:03 PDT
functionGenerateHeapSnapshot uses HeapSnapshotBuilder to generate a snapshot as a json string. After producing the string, it checks for an out of memory condition (.hasOverflowed()) and throws an exception if that is the case. Then it proceeds to parse the json string into an object. The parsing can itself throw an out of memory exception. However, the function does not expect that and instead includes a release assert for no exception, which will cause a hard crash if OOM is thrown while parsing. This was observed to happen in an ASAN build.
Attachments
Add attachment proposed patch, testcase, etc.
Vassili Bykov
Comment 1 2025-06-25 13:52:58 PDT
rdar://150692273
Vassili Bykov
Comment 2 2025-06-25 14:23:06 PDT
Pull request: https://github.com/WebKit/WebKit/pull/47205
EWS
Comment 3 2025-06-27 11:21:19 PDT
Committed 296739@main (6b0c69655756): <https://commits.webkit.org/296739@main> Reviewed commits have been landed. Closing PR #47205 and removing active labels.
Note You need to log in before you can comment on or make changes to this bug.