Closed
Bug 959167
Opened 11 years ago
Closed 11 years ago
Crash [@ runtimeFromAnyThread] or Crash [@ operator->()] due to unhandled OOM in [@ js::CloneRegExpObject]
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
mozilla29
People
(Reporter: decoder, Assigned: decoder)
References
(Blocks 1 open bug)
Details
(Keywords: crash, testcase, Whiteboard: [jsbugmon:update])
Crash Data
Attachments
(1 file)
|
(deleted),
patch
|
jandem
:
review+
bajaj
:
approval-mozilla-aurora+
bajaj
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
The following testcase crashes on mozilla-central revision 80a27198344a (run with --fuzzing-safe --ion-eager):
gcparam("maxBytes", gcparam("gcBytes") + 4*1024);
function foo() {
var re = /erwe/;
foo(re.multiline);
}
foo();
|
Assignee | |
Updated•11 years ago
|
Blocks: 912928
Crash Signature: [@ runtimeFromAnyThread] or Crash [@ operator->()] due to unhandled OOM in [@ js::CloneRegExpObject] → [@ runtimeFromAnyThread]
[@ operator->()]
Whiteboard: [jsbugmon:update]
|
|
Assignee | |
Comment 1•11 years ago
|
||
Simple fix.
|
||
Updated•11 years ago
|
Attachment #8359227 -
Flags: review?(jdemooij) → review+
|
|
Assignee | |
Comment 2•11 years ago
|
||
|
||
Comment 3•11 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla29
|
|
Assignee | |
Updated•11 years ago
|
status-firefox27:
--- → affected
status-firefox28:
--- → affected
status-firefox29:
--- → fixed
tracking-firefox27:
--- → ?
tracking-firefox28:
--- → ?
|
|
Assignee | |
Comment 4•11 years ago
|
||
Comment on attachment 8359227 [details] [diff] [review]
regexp-oom.patch
[Approval Request Comment]
Bug caused by (feature/regressing bug #): 956293
User impact if declined: Crashes/Assertions in debug builds with OOM
Testing completed (on m-c, etc.): mozilla-central for a while
Risk to taking this patch (and alternatives if risky): None, this is debug only, and the fix is very simple.
String or IDL/UUID changes made by this patch: None.
Attachment #8359227 -
Flags: approval-mozilla-beta?
Attachment #8359227 -
Flags: approval-mozilla-aurora?
|
||
Updated•11 years ago
|
tracking-firefox27:
? → ---
tracking-firefox28:
? → ---
|
|
||
Updated•11 years ago
|
Attachment #8359227 -
Flags: approval-mozilla-beta?
Attachment #8359227 -
Flags: approval-mozilla-beta+
Attachment #8359227 -
Flags: approval-mozilla-aurora?
Attachment #8359227 -
Flags: approval-mozilla-aurora+
|
|
Assignee | |
Comment 5•11 years ago
|
||
You need to log in
before you can comment on or make changes to this bug.
Description
•