[Webkit-unassigned] [Bug 265240] JSC core dumped when sorting a big Array in Debug/Release Mode
bugzilla-daemon at webkit.org
Tue Dec 12 07:48:55 PST 2023
https://bugs.webkit.org/show_bug.cgi?id=265240
--- Comment #5 from Mark Lam <mark.lam at apple.com> ---
> Are you sure this is expected behavior? I found this bug has been fixed by Mark Lam in https://bugs.webkit.org/show_bug.cgi?id=265743. Why is the status of my bug not updated? This is a bug I reported. I want to know if my bug has been fixed. This bug should be assigned, shouldn't it?
Thanks for filing this bug.
This does appear to be expected behavior. Reasonable programs would not be trying to allocate a Float32Array with a size as large as 1073741824. We have 2 ways to handle a request like this:
1. Crash because the request is too large and unreasonable for a realistic program.
2. Detect it and throw an OutOfMemory error.
(1) is our default approach, because it is always correct and it does not impact users in real world usage, except for pathological websites. Even if we throw an OOME, the website would fail to work correctly anyway. It will just error out. This is a website-specific bug, not a browser bug.
(2) is a "nice to have" polish if we can fix this to add an OOME check without too much performance and complexity cost. Regardless, even when possible, it is low priority to implement (2).
Also, IIUC, bugs are not assigned to WebKit developers by default. This is an open project, and developers who want to take on a bug may assign it to themselves to tackle and to let others know that they are working on it so as to avoid redundant work.