Issue 3534: Recursive RegExp crashes renderer process
http://code.google.com/p/chromium/issues/detail?id=3534

New issue report by [EMAIL PROTECTED]:
What steps will reproduce the problem?
Create a "new RegExp('((((((((((((((((((...etc...(((')" in JavaScript with
a very long string of opening brackets.
Repro:
http://skypher.com/SkyLined/Repro/Opera/Opera%209.60%20SE-Recursion%232515c755/repro.html

What is the expected output? A JavaScript error
What do you see instead? Renderer crashes

Unreachable code is executed in srv\v8\src\api.cc:
// When V8 cannot allocate memory FatalProcessOutOfMemory is called.
// The default fatal error handler is called and execution is stopped.
void i::V8::FatalProcessOutOfMemory(const char* location) {
   has_shut_down = true;
   FatalErrorCallback callback = GetFatalErrorHandler();
   callback(location, "Allocation failed - process out of memory");
   // If the callback returns, we stop execution.
   UNREACHABLE();
}

Other browsers:
Firefox 3.1: survives
IE 7.0: 100% CPU consumption
Opera 9.60: crash (Stack exhaustion)
Safari: survives (uses a lot of memory, may be a memory leak even)


Issue attributes:
        Status: Untriaged
        Owner: [EMAIL PROTECTED]
        Labels: Type-Bug Pri-2 OS-All Area-Misc
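
Added example, not part of the original report and not Chromium or V8 code: one way for an application that compiles patterns from untrusted input to bound group nesting before the pattern reaches the engine, so the failure is an ordinary error rather than a process abort. The names maxGroupDepth, compileUntrusted and the MAX_GROUP_DEPTH value are assumptions chosen for illustration.

```javascript
// Added example: bound group nesting before a pattern reaches the engine.
// MAX_GROUP_DEPTH is an assumed policy value, not a V8 or Chromium limit.
const MAX_GROUP_DEPTH = 64;

// Deepest nesting of unescaped "(" outside character classes.
// Unbalanced input such as "((((" is counted too, since that is the
// shape of the pattern described in the report.
function maxGroupDepth(pattern) {
  let depth = 0, max = 0, inClass = false;
  for (let i = 0; i < pattern.length; i++) {
    const c = pattern[i];
    if (c === '\\') { i++; continue; }          // skip the escaped character
    if (inClass) { if (c === ']') inClass = false; continue; }
    if (c === '[') { inClass = true; continue; }
    if (c === '(') { depth++; if (depth > max) max = depth; }
    else if (c === ')' && depth > 0) depth--;
  }
  return max;
}

// Returns { ok: true, regex } or { ok: false, error }. A pattern over the
// limit is rejected without ever calling the RegExp constructor.
function compileUntrusted(pattern, flags = '', limit = MAX_GROUP_DEPTH) {
  const depth = maxGroupDepth(pattern);
  if (depth > limit) {
    return { ok: false, error: `group nesting ${depth} exceeds limit ${limit}` };
  }
  try {
    return { ok: true, regex: new RegExp(pattern, flags) };
  } catch (e) {
    // The "expected output" from the report: an ordinary JavaScript error.
    return { ok: false, error: `${e.name}: ${e.message}` };
  }
}

// Constructed inputs, built inline.
const samples = ['(a(b))c', '\\(\\(', '[(((]x', '((((', '('.repeat(100000)];
for (const s of samples) {
  const r = compileUntrusted(s);
  console.log(s.length, maxGroupDepth(s), r.ok ? 'compiled' : r.error);
}
```
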
