[Webkit-unassigned] [Bug 106325] New: ArrayBuffer

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Jan 8 07:52:30 PST 2013


https://bugs.webkit.org/show_bug.cgi?id=106325

           Summary: ArrayBuffer
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
        OS/Version: All
            Status: UNCONFIRMED
          Severity: Critical
          Priority: P1
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: neuralll at gmail.com


ArrayBuffer and its typed buffer variants like Uint8Array etc., unlike normal Array, cause an immediate crash or eat all process memory (and the neighbours' chickens too).

Minimum reproduction steps:

As first noticed on iOS 6.0.1 Safari: immediate crash.

// Allocates 1024*1024 buffers of 1 MiB each (1 TiB requested in total),
// keeping every one reachable so none can be collected.
var a = [];
for (var i = 0; i < 1024 * 1024; i++)
    a[i] = new ArrayBuffer(1024 * 1024);

On Win7, current latest Safari 5.1.7:

Crashes if any page is loaded after such a script, and window.location after such a script didn't load the page.

On Win7, current latest Chrome 23.0.1271.97m allocates all process memory, in my case 2 GB per window/process.
Opening two such windows via JavaScript in my case freezes the whole OS to a crawl due to swapping my 4 GB of RAM on my laptop HDD.

Didn't have time to check other platforms, but it seems like WebKit-related allocator code.
I noticed it due to frequent crashes when working with Web Audio, where buffers are in the 1 MB range or more, but lazy GC seems to keep unused ones around, causing fast memory depletion and crashes.

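The report's loop asks the engine for a terabyte of backing store and keeps every buffer reachable, so the only question is whether the engine crashes or the OS swaps. The following is an added example, not code from the bug report or from WebKit, showing the page-side mitigation a Web Audio author can apply while the engine behaviour is unfixed: a budgeted allocator (the `BufferBudget` class, its byte cap and its reuse pool are all assumptions of this example) that refuses an allocation once outstanding bytes would exceed a fixed cap, and that hands previously released buffers back out instead of allocating fresh ones. `fillUntilBudget` runs the report's loop shape against the cap; `processWithReuse` runs a Web Audio-style take/fill/return loop and shows that outstanding memory stays flat. It runs in Node.js as well as a browser.

```javascript
// Added example: a capped, pooling ArrayBuffer allocator (hypothetical names).
// It does not change how the engine allocates; it stops a page from asking for
// more than it can afford and reuses blocks so lazy GC has nothing to hoard.
class BufferBudget {
  constructor(limitBytes) {
    this.limitBytes = limitBytes;   // hard cap on outstanding bytes (assumed policy)
    this.usedBytes = 0;             // bytes currently handed out or pooled
    this.free = new Map();          // byteLength -> released buffers of that size
  }

  // Hand out a buffer of exactly `size` bytes, preferring a released one.
  allocate(size) {
    const pool = this.free.get(size);
    if (pool && pool.length > 0) {
      return pool.pop();            // reuse: no new memory is committed
    }
    if (this.usedBytes + size > this.limitBytes) {
      throw new RangeError(
        `buffer budget exceeded: ${this.usedBytes} + ${size} > ${this.limitBytes}`);
    }
    this.usedBytes += size;
    return new ArrayBuffer(size);
  }

  // Return a buffer to the pool so the next same-size request reuses it.
  release(buf) {
    const pool = this.free.get(buf.byteLength) || [];
    pool.push(buf);
    this.free.set(buf.byteLength, pool);
  }
}

// The report's loop shape (keep every buffer reachable) run against a budget.
// Returns how many buffers were obtained before the cap refused the next one.
function fillUntilBudget(budget, chunkBytes, wanted) {
  const kept = [];
  for (let i = 0; i < wanted; i++) {
    try {
      kept.push(budget.allocate(chunkBytes));
    } catch (e) {
      if (e instanceof RangeError) {
        return { allocated: kept.length, stoppedBy: e.message };
      }
      throw e;
    }
  }
  return { allocated: kept.length, stoppedBy: null };
}

// A Web Audio-style processing loop: take one block, fill it, give it back.
// With the pool in play, outstanding bytes never exceed one block.
function processWithReuse(budget, chunkBytes, iterations) {
  for (let i = 0; i < iterations; i++) {
    const buf = budget.allocate(chunkBytes);
    new Uint8Array(buf).fill(i & 0xff);  // stand-in for real sample processing
    budget.release(buf);
  }
  return budget.usedBytes;
}

const MiB = 1024 * 1024;
// Usage: a 64 MiB cap stops the report's loop after 64 blocks instead of 1 TiB,
// and the reuse loop settles at a single 1 MiB block however long it runs.
const capped = fillUntilBudget(new BufferBudget(64 * MiB), MiB, 1024 * 1024);
const steady = processWithReuse(new BufferBudget(64 * MiB), MiB, 1000);
```

The cap is a per-page policy, not a detection of the engine bug: pick it from what the audio pipeline actually needs (a few seconds of sample frames at the sample rate and channel count in use), and treat the `RangeError` as a signal to drop or downsample work rather than as something to retry in a loop.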