Status: New
Owner: ----
New issue 173 by [EMAIL PROTECTED]: v8::Script::Compile() crashes when parsing very long (but simple) file
http://code.google.com/p/v8/issues/detail?id=173

When trying to parse the page http://isntinuse.com/crash_v8.html, which contains 4*2^20 repetitions of the string 'a=3;\n' inside a <script> tag, v8 crashes with a memory allocation failure. This should probably be handled more gracefully, as it causes a sadtab on a page that's only 30k gzipped.

Here's what a stack trace looks like when running in Visual Studio's debugger:

  > chrome.dll!`anonymous namespace'::OnNoMemory(unsigned int memory_size=617864296) Line 69 C++
    chrome.dll!_callnewh(unsigned int size=617864296) Line 135 + 0xb bytes C++
    chrome.dll!malloc(unsigned int size=617864296) Line 179 + 0x6 bytes C
    chrome.dll!v8::internal::Malloced::New(unsigned int size=617864296) Line 37 + 0xb bytes C++
    chrome.dll!v8::internal::Zone::NewExpand(int size=36) Line 159 + 0x6 bytes C++
    chrome.dll!v8::internal::Scope::ResolveVariable(v8::internal::Scope * global_scope=0x02398010, v8::internal::VariableProxy * proxy=0x32c2a408) Line 608 + 0x7 bytes C++
    chrome.dll!v8::internal::Scope::ResolveVariablesRecursively(v8::internal::Scope * global_scope=0x02398010) Line 630 + 0xf bytes C++
    chrome.dll!v8::internal::Scope::AllocateVariables() Line 312 C++
    chrome.dll!v8::internal::MakeCode(v8::internal::FunctionLiteral * literal=0x00000000, v8::internal::Handle<v8::internal::Script> script={...}, bool is_eval=false) Line 79 C++
    chrome.dll!v8::internal::MakeFunction(bool is_global=true, bool is_eval=false, v8::internal::Handle<v8::internal::Script> script={...}, v8::Extension * extension=0x00000000, v8::internal::ScriptDataImpl * pre_data=0x0240ab88) Line 122 C++
    chrome.dll!v8::internal::Compiler::Compile(v8::internal::Handle<v8::internal::String> source={...}, v8::internal::Handle<v8::internal::Object> script_name={...}, int line_offset=0, int column_offset=0, v8::Extension * extension=0x00000000, v8::internal::ScriptDataImpl * input_pre_data=0x00000000) Line 189 + 0x15 bytes C++
    chrome.dll!v8::Script::Compile(v8::Handle<v8::String> source={...}, v8::ScriptOrigin * origin=0x0229f500, v8::ScriptData * script_data=0x00000000) Line 1047 C++
    chrome.dll!WebCore::V8Proxy::CompileScript(v8::Handle<v8::String> code={...}, const WebCore::String & fileName={...}, int baseLine=0) Line 927 + 0x20 bytes C++
    chrome.dll!WebCore::V8Proxy::Evaluate(const WebCore::String & fileName={...}, int baseLine=0, const WebCore::String & str={...}, WebCore::Node * n=0x00000000) Line 965 + 0x15 bytes C++
    chrome.dll!WebCore::V8Bridge::evaluate(const WebCore::String & filename={...}, int baseLine=0, const WebCore::String & code={...}, WebCore::Node * node=0x00000000, bool * succ=0x0229f627) Line 229 + 0x1c bytes C++
    chrome.dll!WebCore::FrameLoader::executeScript(const WebCore::String & url={...}, int baseLine=0, const WebCore::String & script={...}, bool * succ=0x0229f627) Line 762 C++
    chrome.dll!WebCore::FrameLoader::executeScript(const WebCore::String & url={...}, int baseLine=0, const WebCore::String & script={...}) Line 738 + 0x19 bytes C++
    chrome.dll!WebCore::HTMLTokenizer::scriptExecution(const WebCore::String & str={...}, WebCore::HTMLTokenizer::State state={...}, const WebCore::String & scriptURL={...}, int baseLine=0) Line 521 + 0x36 bytes C++
    chrome.dll!WebCore::HTMLTokenizer::scriptHandler(WebCore::HTMLTokenizer::State state={...}) Line 471 + 0x1e bytes C++
    chrome.dll!WebCore::HTMLTokenizer::parseSpecial(WebCore::SegmentedString & src={...}, WebCore::HTMLTokenizer::State state={...}) Line 320 + 0xe bytes C++
    chrome.dll!WebCore::HTMLTokenizer::parseTag(WebCore::SegmentedString & src={...}, WebCore::HTMLTokenizer::State state={...}) Line 1238 + 0x1b bytes C++
    chrome.dll!WebCore::HTMLTokenizer::write(const WebCore::SegmentedString & str={...}, bool appendData=true) Line 1460 + 0x17 bytes C++
    chrome.dll!WebCore::FrameLoader::write(const char * str=0x03c20000, int len=5067, bool flush=false) Line 1026 + 0x1b bytes C++
    chrome.dll!WebCore::FrameLoader::addData(const char * bytes=0x03c20000, int length=5067) Line 1781 C++
    chrome.dll!WebFrameImpl::DidReceiveData(WebCore::DocumentLoader * loader=0x030396a0, const char * data=0x03c20000, int length=5067) Line 1441 C++
    chrome.dll!WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader * loader=0x030396a0, const char * data=0x03c20000, int length=5067) Line 1046 C++
    chrome.dll!WebCore::DocumentLoader::commitLoad(const char * data=0x03c20000, int length=5067) Line 354 C++
    chrome.dll!WebCore::DocumentLoader::receivedData(const char * data=0x03c20000, int length=5067) Line 365 + 0xf bytes C++
    ...

v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
