Updates:
Status: Assigned
Labels: Priority-Medium Area-Irregexp
Comment #3 on issue 362 by [email protected]: Nested brackets OOM crash
in regular expression
http://code.google.com/p/v8/issues/detail?id=362
The repro still crashes the tab for me - could you have another look?
#
# Fatal error in i:\trunk\src\v8\src\objects-inl.h, line 825
# CHECK(((info << kFailureTagSize) >> kFailureTagSize) == info) failed
#
==== Stack trace ============================================
Security context: 004BE619 <String[18]: http://skypher.com>
1: DoConstructRegExp(this=004A7BD1 <JS Object>#0#,a=03800729 <JS
RegExp>#1#,b=03800709 <Very long string[67108864]>#2#,d=004B0239 <String[0]:
> ,g=004B016D <true>)
2: new constructor(aka RegExp)(this=03800729 <JS RegExp>#1#,a=03800709
<Very long
string[67108864]>#2#,b=004B0101 <undefined>)
3: arguments adaptor frame: 1->2
5: /* anonymous */(this=004A76A1 <JS Global Object>#3#)
==== Details ================================================
[1]: DoConstructRegExp(this=004A7BD1 <JS Object>#0#,a=03800729 <JS
RegExp>#1#,b=03800709 <Very long string[67108864]>#2#,d=004B0239 <String[0]:
> ,g=004B016D <true>) {
// stack-allocated locals
var i = 004B0185 <false>
var j = 004B0185 <false>
var l = 004B0101 <undefined>
var h = 004B0185 <false>
var k = 0
// expression stack (top to bottom)
[07] : 004B0239 <String[0]: >
[06] : 03800709 <Very long string[67108864]>#2#
[05] : 03800729 <JS RegExp>#1#
--------- s o u r c e c o d e ---------
function DoConstructRegExp(a,b,d,g){??if((%_ClassOf(b)==='RegExp')){?
if(!(typeof(d)==='undefined')){?throw MakeTypeError('regexp_flags',[]);?}?
d=(b.global?'g':'')?+(b.ignoreCase?'i':'')?+(b.multiline?'m':'');?b=b.source;?}??
b=(typeof(b)==='undefined')?'':ToString(b);?d=(typeof(d)==='undefined')?
'':ToString(d);??var h=false;?...
-----------------------------------------
}
[2]: new constructor(aka RegExp)(this=03800729 <JS RegExp>#1#,a=03800709
<Very long
string[67108864]>#2#,b=004B0101 <undefined>) {
// expression stack (top to bottom)
[00] : 004BE67D <String[17]: DoConstructRegExp>
--------- s o u r c e c o d e ---------
<No Source>
-----------------------------------------
}
[3]: arguments adaptor frame: 1->2 {
// actual arguments
[00] : 03800709 <Very long string[67108864]>#2#
}
[5]: /* anonymous */(this=004A76A1 <JS Global Object>#3#) {
// stack-allocated locals
var .catch-var = 0380047D <a SyntaxError>>#4#
var .result = 004B0101 <undefined>
// expression stack (top to bottom)
[08] : 03800709 <Very long string[67108864]>#2#
[07] : 004A75E5 <JS Object>#5#
[06] : 004A7951 <JS Function RegExp>#6#
--------- s o u r c e c o d e ---------
??for (a = "("; a += a; a.length < 0x100000)???try {new RegExp(a);} catch
(e) {}??
alert("done");?
-----------------------------------------
}
==== Key ============================================
#0# 004A7BD1: 004A7BD1 <JS Object>
#1# 03800729: 03800729 <JS RegExp>
source: 03800709 <Very long string[67108864]>#2#
global: 004B0185 <false>
multiline: 004B0185 <false>
lastIndex: 0
ignoreCase: 004B0185 <false>
#2# 03800709: 03800709 <Very long string[67108864]>
#3# 004A76A1: 004A76A1 <JS Global Object>
#4# 0380047D: 0380047D <a SyntaxError>>
#5# 004A75E5: 004A75E5 <JS Object>
#6# 004A7951: 004A7951 <JS Function RegExp>
=====================
--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
--~--~---------~--~----~------------~-------~--~----~
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
-~----------~----~----~----~------~----~------~--~---
