out of memory on v8 optimizations API fatal error handler returned after process out of memory
Reported by
ak4...@gmail.com,
Nov 20 2017
Issue description
UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0
Steps to reproduce the problem:
1. Run the testcase at chrome//asan//d8
2. It will reproduce on all platforms.
3.
What is the expected behavior?
Like Firefox, no crash.
What went wrong?
This is the test case:
eval('var1 = go(///a);j = 0;function go (y = (function rec(a1, a2) {j+=1;if ((a1.length == a2) && (j <10)) { b = ///b; } else{a2 + ///b);}})([,], 0), b = ///c){}')
where a, b, c are mutated by a fuzzer, given a test case from the fuzzer that will crash the browser (all platforms (win+linux), Chromium + Chrome, and d8 on both...).
The fuzzer runs on V8, so the problem is as the stack trace.
Regards.
Did this work before? N/A
Does this work in other browsers? N/A
Chrome version: 62.0.3202.94 (Official Build) (64-bit) Channel: stable
OS Version: 10 rs3
Flash Version:
If you need more info or you want the fuzzer script on this case, then tell me.
,
Nov 23 2017
Assigning to memory sheriff for further triage.
Comment 1 by krajshree@chromium.org, Nov 21 2017
Labels: M-64 Needs-Triage-M62 Triaged-ET OS-Linux OS-Mac
Status: Untriaged (was: Unconfirmed)