[Webkit-unassigned] [Bug 23089] [jsfunfuzz] tostring on large array causes oom hang/crash
bugzilla-daemon at webkit.org
Sun Jan 4 07:17:33 PST 2009
https://bugs.webkit.org/show_bug.cgi?id=23089
oliver at apple.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mjs at apple.com,
                   |                            |darin at apple.com
------- Comment #2 from oliver at apple.com 2009-01-04 07:17 PDT -------
Hmmm, it occurs to me that relying on the slow script dialog to kill execution
won't work in the shell.
Also, the code has a null check of the data for the buffer (to catch OOM), but
vector growing uses the crashing version of malloc.
Is it possible to make a vector use the non-throwing version?