Bug 49900 - [chromium] ArrayBuffer size check missing - easy OOM
Summary: [chromium] ArrayBuffer size check missing - easy OOM
Status: RESOLVED WONTFIX
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebGL
Version: 528+ (Nightly build)
Hardware: PC Windows Vista
Importance: P1 Normal
Assignee: Kenneth Russell
Reported: 2010-11-22 03:07 PST by Berend-Jan Wever
Modified: 2013-04-08 14:06 PDT
Description Berend-Jan Wever 2010-11-22 03:07:15 PST
Repro:
new ArrayBuffer(0x7FFFFFFF);
Instant OOM. It may be wise to add a check for this to increase stability.
Comment 1 Berend-Jan Wever 2011-01-10 03:25:02 PST
Chromium bug: http://code.google.com/p/chromium/issues/detail?id=42342
The Chromium bug contains a discussion that may be of interest when fixing this.

Variations:
new Uint32Array(0x3FFFFFFF)
new Int32Array(0x3FFFFFFF)
new Float32Array(0x3FFFFFFF)
new Uint16Array(0x3FFFFFFF)
new Int16Array(0x3FFFFFFF)
new Uint8Array(0x3FFFFFFF)
new Int8Array(0x3FFFFFFF)
new ArrayBuffer(0x3FFFFFFF)
Comment 2 Kenneth Russell 2011-01-10 10:47:28 PST
To be clear, this crash is only occurring on the Chromium port because of our OOM killer. WebKit behaves correctly; the tryFastMalloc primitive is used to initialize these array instances.
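The check the reporter asks for, and the fallible allocation the last comment describes, written out as an added C++ example; this is illustrative code, not WebKit's or Chromium's, and the 1 GiB cap, the ArrayBufferStorage type and tryCreateArrayBuffer are assumptions chosen for the example (calloc stands in for tryFastMalloc as the allocation that reports failure instead of aborting):

```cpp
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <limits>
#include <memory>

// Assumed per-buffer cap for this example; the page does not state WebKit's real limit.
constexpr uint64_t kMaxArrayBufferBytes = 1ULL << 30;  // 1 GiB

struct ArrayBufferStorage {
    void* data = nullptr;
    uint64_t byteLength = 0;
    ~ArrayBufferStorage() { std::free(data); }
};

// Hypothetical guarded constructor: returns nullptr for oversized or failed
// requests so the caller can raise a JavaScript error instead of the process dying of OOM.
std::unique_ptr<ArrayBufferStorage> tryCreateArrayBuffer(uint64_t elementCount,
                                                         uint64_t elementSize) {
    if (elementSize == 0) return nullptr;
    // 1. Reject multiplication overflow before computing the byte length.
    if (elementCount > std::numeric_limits<uint64_t>::max() / elementSize) return nullptr;
    const uint64_t byteLength = elementCount * elementSize;
    // 2. Reject requests above the policy cap up front; new ArrayBuffer(0x7FFFFFFF)
    //    and new Uint32Array(0x3FFFFFFF) from the report both stop here.
    if (byteLength > kMaxArrayBufferBytes) return nullptr;
    auto storage = std::make_unique<ArrayBufferStorage>();
    storage->byteLength = byteLength;
    if (byteLength == 0) return storage;  // a legal empty buffer needs no allocation
    // 3. Fallible, zero-filling allocation: calloc reports failure with NULL
    //    (as tryFastMalloc does) rather than terminating the process.
    storage->data = std::calloc(1, static_cast<size_t>(byteLength));
    if (!storage->data) return nullptr;
    return storage;
}

// Confirms the buffer came back zero-initialised, as typed-array contents must be.
bool isZeroFilled(const ArrayBufferStorage& b) {
    const unsigned char* p = static_cast<const unsigned char*>(b.data);
    for (uint64_t i = 0; i < b.byteLength; ++i)
        if (p[i] != 0) return false;
    return true;
}

int main() {
    auto big = tryCreateArrayBuffer(0x7FFFFFFF, 1);  // the repro from the description
    std::printf("new ArrayBuffer(0x7FFFFFFF): %s\n", big ? "allocated" : "rejected");
    auto small = tryCreateArrayBuffer(16, 4);        // a realistic new Uint32Array(16)
    std::printf("Uint32Array(16): %llu bytes, zeroed=%d\n",
                static_cast<unsigned long long>(small->byteLength), isZeroFilled(*small));
    return 0;
}
```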