[Webkit-unassigned] [Bug 171630] [JSC] Test stringimpl-to-jsstring-on-large-strings-2 uses a lot of RAM
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed May 3 19:05:07 PDT 2017
https://bugs.webkit.org/show_bug.cgi?id=171630
--- Comment #9 from Carlos Alberto Lopez Perez <clopez at igalia.com> ---
(In reply to Carlos Alberto Lopez Perez from comment #8)
> So.. this is the issue:
>
> function createRegexp() {
> var s = "a".repeat(0x3fffffff);
> var r = RegExp.prototype.toString.call({
> source: s,
> flags: s,
> });
> return [s, r];
> };
>
>
> Both Firefox and chrome abort at var s = "a".repeat(0x3fffffff); with
> "repeat count must be less than infinity and not overflow maximum string
> size" (firefox) or "Invalid string length".
>
We abort later with "Out of memory" on the call to RegExp.prototype.toString() which such string. But that is already late for this test case. We should not allow to build such string in the very fist place.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20170504/558e37e9/attachment.html>
More information about the webkit-unassigned
mailing list