Updates:
Status: WorkingAsIntended
Comment #4 on issue 362 by [email protected]: Nested brackets OOM crash in regular expression
http://code.google.com/p/v8/issues/detail?id=362
If this is the source code:

for (a = "("; a += a; a.length < 0x100000) try {new RegExp(a);} catch (e) {}
alert("done");

then I have a simple explanation: The increment and test are swapped, so the for loop never stops. That means that we don't stop at length 0x200000, but can reach the maximal string length, which itself causes a fatal out-of-memory (that might be a problem too, it's a different problem :).

Using this instead:

for (a = "("; a.length < 0x100000; a += a) try {new RegExp(a);} catch (e) {}
alert("done");

runs as expected.

We can run out of memory when parsing too long a regexp, but it will be Zone memory (OS-heap allocated), so if it happens, the out-of-memory is for real.

We can also run out of heap memory when flattening the argument to RegExp. This can be slightly counterintuitive: We can construct strings with length up to 2^30, but we can't necessarily use them without getting an out-of-memory situation.

My guess is that this is the cause of the stack-trace seen here, which appears to happen at string-length 67108864 (=2^28).

This is the currently expected behavior.
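
The two loop forms from the comment above, as an added example that is not part of the original message or of V8: traceLengths models the string by its length only, so the swapped form can be followed without allocating anything, and probe runs the corrected loop for real and records how each pattern is rejected. The function names, the step cap and the small probe limit are assumptions made for the illustration.

```javascript
// Added illustration; function names and the step cap are hypothetical.

// Trace the loop by string length only, so the swapped form can be followed
// without allocating the doubled strings.
function traceLengths(swapped, limit, maxSteps) {
  let len = 1; // a = "("
  const seen = [];
  for (let step = 0; step < maxSteps; step++) {
    if (swapped) {
      len *= 2; // "a += a" sits in the test slot: runs first, always truthy
    } else if (!(len < limit)) {
      return { terminated: true, seen }; // the real test ends the loop
    }
    seen.push(len); // loop body: new RegExp(a) sees a string of this length
    // Swapped form: the update slot only evaluates the comparison and
    // discards the result, so nothing else happens to len here.
    if (!swapped) len *= 2;
  }
  return { terminated: false, seen }; // stopped by the cap, not by the loop
}

// Run the corrected loop for real and record how each pattern is rejected.
function probe(limit) {
  const results = [];
  for (let a = "("; a.length < limit; a += a) {
    try {
      new RegExp(a);
      results.push({ length: a.length, outcome: "compiled" });
    } catch (e) {
      results.push({ length: a.length, outcome: e.name });
    }
  }
  return results;
}

console.log(traceLengths(false, 0x100000, 64).seen.length);
console.log(traceLengths(true, 0x100000, 26).seen.pop());
console.log(probe(0x1000).map((r) => r.outcome));
```

In the swapped trace only the external step cap ends the run, and 26 doublings are enough to reach the length 67108864 mentioned in the comment.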