[Webkit-unassigned] [Bug 106325] New: ArrayBuffer
bugzilla-daemon at webkit.org
Tue Jan 8 07:52:30 PST 2013
https://bugs.webkit.org/show_bug.cgi?id=106325
Summary: ArrayBuffer
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
OS/Version: All
Status: UNCONFIRMED
Severity: Critical
Priority: P1
Component: JavaScriptCore
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: neuralll at gmail.com
ArrayBuffer and its typed buffer variants like Uint8Array etc.,
unlike normal Array, cause immediate crash or eat all process memory and neighbours' chickens too..
minimum reproduction steps:
as first noticed
on iOS 6.0.1 Safari. immediate crash
var a = [];
for (var i = 0; i < 1024*1024; i++)
    a[i] = new ArrayBuffer(1024*1024);
on win7: current latest Safari 5.1.7
crashes if any page after such script is loaded and
window.location after such script didn't load page.
on win7 current latest Chrome 23.0.1271.97m allocates all process memory in my case (2g) per window/process.
opening two such windows via javascript in my case freezes whole OS to a crawl due to swapping my 4g RAM on my laptop HDD.
didn't have time to check other platforms but seems like webkit related allocator code.
I noticed it due to frequent crashes when working with web audio where buffers are in 1mb ranges or more but lazy GC seems to be keeping unused ones around causing fast memory depletion and crashes.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
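
Added example, not part of the bug report or of WebKit: one page-side way to keep large-buffer workloads like the web audio case above bounded is to reuse released ArrayBuffers under a fixed byte budget instead of waiting for the garbage collector. The names BufferPool, acquire, release, trim and allocateUntilRefused, and all sizes, are hypothetical.

```javascript
// Added example, not from the bug report. BufferPool and its limits are hypothetical.
class BufferPool {
  constructor(maxBytes) {
    this.maxBytes = maxBytes;  // hard cap on bytes the pool accounts for
    this.liveBytes = 0;        // bytes handed out plus bytes parked for reuse
    this.free = new Map();     // byteLength -> released buffers of that size
    this.out = new WeakSet();  // buffers currently handed out by this pool
  }
  // Return a zeroed buffer, reusing a released one of the same size if any.
  acquire(size) {
    if (!Number.isInteger(size) || size <= 0) throw new RangeError("bad size");
    const parked = this.free.get(size);
    let buf;
    if (parked && parked.length > 0) {
      buf = parked.pop();
      new Uint8Array(buf).fill(0);  // never expose the previous user's data
    } else {
      this.trim(size);              // evict parked buffers if that makes room
      if (this.liveBytes + size > this.maxBytes) throw new RangeError("buffer budget exceeded");
      buf = new ArrayBuffer(size);
      this.liveBytes += size;
    }
    this.out.add(buf);
    return buf;
  }
  // Hand a buffer back; rejects foreign buffers and double release.
  release(buf) {
    if (!this.out.delete(buf)) throw new Error("buffer not owned by pool");
    if (!this.free.has(buf.byteLength)) this.free.set(buf.byteLength, []);
    this.free.get(buf.byteLength).push(buf);
  }
  // Drop parked buffers until `needed` more bytes fit under the cap.
  trim(needed) {
    for (const [size, list] of this.free) {
      while (list.length > 0 && this.liveBytes + needed > this.maxBytes) {
        list.pop();
        this.liveBytes -= size;
      }
    }
  }
}
// The report's loop shape run against a capped pool (constructed values).
function allocateUntilRefused(pool, size, attempts) {
  const held = [];
  try {
    for (let i = 0; i < attempts; i++) held.push(pool.acquire(size));
  } catch (e) { if (!(e instanceof RangeError)) throw e; }
  return held;
}
```

With a pool capped at 8 MiB, the loop from the report stops after eight 1 MiB buffers instead of growing until the process runs out of memory.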