[Webkit-unassigned] [Bug 222399] New: Assertion Failed when creating a huge array
bugzilla-daemon at webkit.org
Wed Feb 24 19:26:50 PST 2021
https://bugs.webkit.org/show_bug.cgi?id=222399
Bug ID: 222399
Summary: Assertion Failed when creating a huge array
Product: WebKit
Version: WebKit Local Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
Assignee: webkit-unassigned at lists.webkit.org
Reporter: sunlili at ict.ac.cn
Hello, an assertion failure will be triggered in the latest jsc (debug, static) when executing the following test case:
var arr = [];
for (let i = 0; i < 100000; i++) {
    arr[i] = new Array(i);
}
The output is:
ASSERTION FAILED: result
../../Source/JavaScriptCore/runtime/JSArray.h(282) : static JSC::JSArray *JSC::JSArray::create(JSC::VM &, JSC::Structure *, unsigned int)
Aborted (core dumped)
It seems to be an OOM bug.
ISec Lab.
2021.2.25