[Webkit-unassigned] [Bug 273621] New: Multiple calls to Uint8Array leading to process being killed
bugzilla-daemon at webkit.org
Thu May 2 05:49:03 PDT 2024
https://bugs.webkit.org/show_bug.cgi?id=273621
Bug ID: 273621
Summary: Multiple calls to Uint8Array leading to process being killed
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
Assignee: webkit-unassigned at lists.webkit.org
Reporter: m.foley20 at imperial.ac.uk
In the below example, multiple calls to opt lead to the process being Killed after consuming too much memory. This seems to be the correct behaviour from the engine.
/bin/jsc bug.js
------------------bug.js---------------------
function opt(opt_param) {
    const v18 = new Uint8Array(2308212496);
    const v21 = eval(Uint8Array);
}
let jit_a0 = opt(true);
let jit_a0_0 = opt(false);
for (let i = 0; i < 0x10; i++) { opt(false); }
for (let i = 0; i < 0x200; i++) { opt(false); }