Updates:
        Status: WontFix

Comment #14 on issue 16359 by [email protected]: Crash - v8::internal::Deserializer::GetObject()
http://code.google.com/p/chromium/issues/detail?id=16359

This is not a recent regression.  I have found the crash going back to 1.0.154.36, and I didn't look before that.

The crash is because we assume that allocation cannot fail during deserialization of the V8 heap snapshot.  If it does, we will crash when we dereference the encoding of a V8 allocation failure as if it were a heap object.

The root cause is that a call to allocate from the OS has failed.  This has been observed both before and after we switched to the tcmalloc allocator, and it has also been observed on Mac.  That makes it very likely to be a genuine out-of-memory situation.

In that case, a renderer sad tab is "working as intended".  I'll clean up the deserialization code to catch the allocation failure earlier and call our out-of-memory handler.

Automated mail from issue updates at http://crbug.com/
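The failure mode described in the comment, as an added illustration that is not V8's or Chromium's code: a simplified model in which heap objects travel as word-aligned pointers and an allocation failure is encoded in the same word with the low bit set. The names (ToyHeap, kOutOfMemory, DeserializeUnchecked, DeserializeChecked) and the snapshot format are assumptions made for this example. The unchecked deserializer casts every returned word to an object, so on OOM it ends up holding the failure encoding as if it were a pointer; the checked version tests the encoding first and hands the failure to an out-of-memory handler before anything is dereferenced.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <functional>
#include <vector>

// Simplified model (not V8's code; names are assumptions). Heap objects are
// word-aligned pointers carried in a uintptr_t. An allocation failure is
// encoded in the same word with the low bit set, so it is never a valid
// address and must be checked before any dereference.
constexpr uintptr_t kFailureTag = 1;
constexpr uintptr_t kOutOfMemory = (1u << 1) | kFailureTag;  // encodes as 0x3

struct HeapObject {
  uint32_t type;
  uint32_t payload;
};

inline bool IsFailure(uintptr_t word) { return (word & kFailureTag) != 0; }

// Toy allocator with a hard byte limit, standing in for the OS refusing memory.
class ToyHeap {
 public:
  explicit ToyHeap(size_t limit_bytes) : limit_(limit_bytes) {}
  ~ToyHeap() { for (void* p : blocks_) std::free(p); }
  uintptr_t Allocate(size_t bytes) {
    if (used_ + bytes > limit_) return kOutOfMemory;  // failure encoding, not a pointer
    void* p = std::malloc(bytes);
    if (p == nullptr) return kOutOfMemory;
    used_ += bytes;
    blocks_.push_back(p);
    return reinterpret_cast<uintptr_t>(p);  // malloc results are aligned: low bit is 0
  }
 private:
  size_t limit_;
  size_t used_ = 0;
  std::vector<void*> blocks_;
};

// Constructed "snapshot": one entry per object to restore, holding its type tag.
using Snapshot = std::vector<uint32_t>;

// Buggy shape: every word from Allocate is treated as an object pointer. After
// an OOM the last element is the failure encoding; a real deserializer would
// write obj->type through it and crash. This version only records the pointer.
std::vector<HeapObject*> DeserializeUnchecked(ToyHeap& heap, const Snapshot& snap) {
  std::vector<HeapObject*> out;
  for (uint32_t type : snap) {
    (void)type;
    HeapObject* obj = reinterpret_cast<HeapObject*>(heap.Allocate(sizeof(HeapObject)));
    out.push_back(obj);  // would be `obj->type = type;` in the real thing
  }
  return out;
}

struct Result {
  bool ok;
  size_t restored;  // objects fully restored before success or failure
};

// Fixed shape: check the failure encoding before dereferencing and route the
// OOM to a handler (the renderer's "sad tab" path) instead of crashing later.
Result DeserializeChecked(ToyHeap& heap, const Snapshot& snap,
                          const std::function<void(size_t)>& on_oom) {
  size_t restored = 0;
  for (uint32_t type : snap) {
    uintptr_t word = heap.Allocate(sizeof(HeapObject));
    if (IsFailure(word)) {
      on_oom(restored);
      return {false, restored};
    }
    HeapObject* obj = reinterpret_cast<HeapObject*>(word);
    obj->type = type;
    obj->payload = 0;
    ++restored;
  }
  return {true, restored};
}

// Drivers over a constructed 3-object snapshot on a heap holding `capacity`
// objects, so both shapes can be exercised without dereferencing anything bad.
static const Snapshot kSnapshot = {1, 2, 3};

Result RunChecked(size_t capacity, size_t* reported_by_handler) {
  ToyHeap heap(capacity * sizeof(HeapObject));
  return DeserializeChecked(heap, kSnapshot,
                            [&](size_t n) { if (reported_by_handler) *reported_by_handler = n; });
}

uintptr_t LastWordUnchecked(size_t capacity) {
  ToyHeap heap(capacity * sizeof(HeapObject));
  std::vector<HeapObject*> objs = DeserializeUnchecked(heap, kSnapshot);
  return reinterpret_cast<uintptr_t>(objs.back());
}

int main() {
  size_t reported = 0;
  Result r = RunChecked(2, &reported);
  std::printf("checked: ok=%d restored=%zu handler saw %zu objects\n", r.ok, r.restored, reported);
  std::printf("unchecked: last word 0x%lx is_failure=%d\n",
              static_cast<unsigned long>(LastWordUnchecked(2)), IsFailure(LastWordUnchecked(2)));
  return 0;
}
```

Run as written, the checked path reports two objects restored and invokes the handler, while the unchecked path is left holding 0x3 as its third "pointer"; that word is exactly what the report describes being dereferenced as a heap object.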