https://codereview.chromium.org/553623004/diff/60001/test/mjsunit/array-length.js
File test/mjsunit/array-length.js (right):

https://codereview.chromium.org/553623004/diff/60001/test/mjsunit/array-length.js#newcode161
test/mjsunit/array-length.js:161:
Array.prototype.toLocaleString.apply(o);
On 2014/10/12 20:02:03, Diego Pino wrote:
When that expression is evaluated I got an exception. The same happens for Integer.MAX_SAFE_INTEGER.

What exception?  Should we test for that specific exception?

However, if I try 0xffffffff there's a crash and I got a core dump:

d8> var o = { length: 0xffffffff };
undefined
d8>  Array.prototype.toLocaleString.apply(o)

#
# Fatal error in invalid table size
# Allocation failed - process out of memory
#

Indeed, this is how V8 deals with out-of-memory situations.

I'm not sure about what to do. Should I avoid testing any big positive number to avoid the possibility that the tests may crash?

Basically, yes. We can't allocate gigabytes of memory in the normal test
suite.  Unhappily though this makes this patch harder to test -- I
suspect integer-overflow vulnerabilities might be present but can't
disprove them :(

https://codereview.chromium.org/553623004/
