[Webkit-unassigned] [Bug 196306] New: [WebKit/JavaScriptCore] Assertion failed at Source/JavaScriptCore/runtime/JSArray.h:276
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Mar 27 11:11:58 PDT 2019
https://bugs.webkit.org/show_bug.cgi?id=196306
Bug ID: 196306
Summary: [WebKit/JavaScriptCore] Assertion failed at
Source/JavaScriptCore/runtime/JSArray.h:276
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
Assignee: webkit-unassigned at lists.webkit.org
Reporter: sevendays37 at gmail.com
The debug build of JavaScriptCore failed assertion at Source/JavaScriptCore/runtime/JSArray.h:276.
PoC:
var var_0 = [];
for (var var_1 = 0; var_1 < 100000; ++var_1)
var_0.push(new Array(var_1));
Commit: 6369975
OS: Ubuntu 18.04.1 LTS
Arch: x86_64
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20190327/8b583e0f/attachment.html>
More information about the webkit-unassigned
mailing list