In this js code, Chrome crashes.
Reported by
pwning...@gmail.com,
Oct 12 2017
Issue description

UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

Steps to reproduce the problem:
1. Launch Chrome
2. Run the attached js code from Chrome.
3. Chrome will crash.

What is the expected behavior?

What went wrong?
It is code created for testing, but it should not crash.

Did this work before? N/A

Chrome version: 61.0.3163.100
Channel: stable
OS Version: OS X 10.12.6
Flash Version:

I tested it on Mac, Linux, and Windows, and the crash happened on all of them.
Oct 16 2017
pwning.me@ - Thanks for filing the issue! Could you please provide a sample test file so we can test the issue from the TE end? This will help us in triaging the issue further. Thanks!
Oct 16 2017
krajshree@chromium.org I already provided sample code; you can see it at https://bugs.chromium.org/p/chromium/issues/attachmentText?aid=306839.
Oct 16 2017
Thank you for providing more feedback. Adding requester "krajshree@chromium.org" to the cc list and removing "Needs-Feedback" label. For more details visit https://www.chromium.org/issue-tracking/autotriage
- Your friendly Sheriffbot
Oct 17 2017
Isn't this similar to bug 136658 and other bug reports of the same type? Deliberately allocating a big array that does not fit in memory results in an out-of-memory condition, which causes V8 to give up and crash.
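The triage comment above draws the line that decides whether a "Chrome crashes on this JS" report is a security bug: V8 refuses impossible requests with a catchable RangeError, but a request that is legal on its own and merely exhausts the heap ends in V8's fatal out-of-memory abort, which is deliberate and not a memory-safety bug. The following is an added example, not code from the bug report, its attachment, or Chromium; it assumes Node.js (V8), uses the ECMAScript Array length limit of 2^32-1, and relies on the V8-specific maximum string length being well below 2^31 on every build.

```javascript
// Added illustration (not code from the bug report or from Chromium).
// Two different things can happen when JavaScript asks V8 for something huge:
//  - a request that exceeds a hard engine limit is refused up front with a
//    catchable RangeError, before any memory is committed;
//  - a request that is individually legal but pushes the heap past its limit
//    ends in V8's fatal "JavaScript heap out of memory" abort, which no
//    try/catch can intercept. That fatal path is the "crash" triaged above.
// Assumes Node.js (V8). 2^32-1 is the ECMAScript Array length limit; the
// maximum string length is V8-specific but far below 2^31 on every build.

const MAX_ARRAY_LENGTH = 2 ** 32 - 1;

// Run one allocation attempt and describe the outcome instead of letting
// the exception propagate.
function probeAllocation(allocate) {
  try {
    const value = allocate();
    return { ok: true, error: null, length: value.length };
  } catch (e) {
    return {
      ok: false,
      error: e instanceof RangeError ? 'RangeError' : e.constructor.name,
      length: null,
    };
  }
}

// Over-limit requests: refused before any memory is touched.
function oversizedArray() {
  return probeAllocation(() => new Array(MAX_ARRAY_LENGTH + 1));
}

function oversizedString() {
  return probeAllocation(() => 'x'.repeat(2 ** 31));
}

// A legal but huge *length* is cheap: V8 keeps the array sparse until
// elements are actually written, so this does not come near an OOM.
function legalSparseArray() {
  return probeAllocation(() => new Array(MAX_ARRAY_LENGTH));
}

// Bounded memory-pressure test: allocate fixed-size chunks only until a
// byte budget is reached and return how many were allocated. Writing a
// stress test this way, instead of pushing into an array until the process
// dies, keeps it under the heap limit, so a crash in a harness built on it
// would point at something other than plain exhaustion.
function fillUntil(budgetBytes, chunkBytes = 1 << 20) {
  const chunks = [];
  let allocated = 0;
  while (allocated + chunkBytes <= budgetBytes) {
    chunks.push(new Uint8Array(chunkBytes));
    allocated += chunkBytes;
  }
  return chunks.length;
}

// Stand-alone run: print the classification of each attempt.
if (typeof require !== 'undefined' && require.main === module) {
  console.log('oversized Array :', oversizedArray());
  console.log('oversized string:', oversizedString());
  console.log('sparse Array    :', legalSparseArray());
  console.log('chunks in 64 MiB:', fillUntil(64 * 1024 * 1024));
}
```

The practical check when triaging such a report is whether the exception is catchable: if wrapping the attached code in try/catch yields a RangeError, the engine rejected the request; if the process still aborts with the "Last few GCs" banner seen in comment 1, the heap was genuinely exhausted and the report is the expected V8 behaviour rather than a memory-safety issue.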
Oct 17 2017
Yes, feel free to reopen if you think this is not the case.
Comment 1 by bokan@chromium.org, Oct 12 2017
Labels: OS-Linux

Running in a JS build gives the following output in the console:

<--- Last few GCs --->
[1:0x1a9673645020] 95836 ms: Mark-sweep 1585.0 (1596.8) -> 1585.0 (1597.3) MB, 165.5 / 0.1 ms (+ 1.7 ms in 9 steps since start of marking, biggest step 0.6 ms, walltime since start of marking 4218 ms) finalize incremental marking via stack guard GC in
[1:0x1a9673645020] 152359 ms: Mark-sweep 1831.0 (1847.3) -> 1447.0 (1463.3) MB, 378.3 / 0.1 ms (+ 460.7 ms in 58 steps since start of marking, biggest step 24.3 ms, walltime since start of marking 6384 ms) finalize incremental marking via stack guard G

<--- JS stacktrace --->
==== JS stack trace =========================================
Security context: 0x189eb5207889 <Window map = 0x9323e202a71>
1: /* anonymous */ [file:///home/bokan/Downloads/temp.html:~1] [pc=0x362eb2484470](this=0x23b0f6002981 <JSGlobal Object>)
==== Details ================================================
[1]: /* anonymous */ [file:///home/bokan/Downloads/temp.html:~1] [pc=0x362eb2484470](this=0x23b0f6002981 <JSGlobal Object>) { // optimized frame
--------- s o u r c e c o d e ---------
\x0...