Hang trying to serialize a sparse JavaScript array

RESOLVED INVALID

Status

critical
12 years ago
6 years ago

People

(Reporter: jruderman, Unassigned)

Tracking

(Blocks: 1 bug, {hang, testcase})

Trunk

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

12 years ago
js> void (x = [].constructor(0xffffffff));
js> x

Result: hang

I'm not sure this is a bug.

Comment 1

12 years ago
Running the js shell with the branch callback enabled terminates the script:

~> js -b 10000
js> void (x = [].constructor(0xffffffff));
void (x = [].constructor(0xffffffff));
js> x
x
native branch callback (10000 callbacks)
js> 

Thus I suggest marking this as invalid.
(Reporter)

Comment 2

12 years ago
Brendan suggests:
* Immediately throw OOM if it's obvious there won't be enough memory to hold the serialized string.
* Improve the speed of array.join (bug 374740).

Even with those fixed, it might still be possible to hang with a similar testcase (using a slightly smaller number).  But I probably deserve that hang for having turned off the slow-script dialog.
(Reporter)

Comment 3

10 years ago
void ("" + new Array(0x90000000)) hangs ./js

This makes it painful to use large numbers in jsfunfuzz, which may be necessary for finding certain bugs.

Comment 4

8 years ago
(In reply to comment #3)
> ...
> This makes it painful to use large numbers in jsfunfuzz, which may be
> necessary for finding certain bugs.

(In reply to comment #2)
> ...
> * Improve the speed of array.join (bug 374740).
> 
> Even with those fixed, it might still be possible to hang with a similar
> testcase (using a slightly smaller number).  But I probably deserve that
> hang for having turned off the slow-script dialog.

374740 is fixed
Both testcases still hang.
OS: Mac OS X → All
Hardware: x86 → All

Comment 6

6 years ago
Gets the slow-script dialog in the browser, which successfully kills it, so resolving invalid.
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → INVALID
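
Added example, not part of the original bug thread and not SpiderMonkey code: one way to apply the first suggestion in comment 2 (fail early when the serialized string obviously cannot fit) to the testcases in the description and comment 3, while visiting only the indices that exist. The names boundedJoin and MAX_OUTPUT_CHARS and the 1 Mi character budget are assumptions made for this sketch.

```javascript
// Added example (not SpiderMonkey code): a join that refuses oversized output
// and walks only the indices that actually exist in a sparse array.
// MAX_OUTPUT_CHARS and boundedJoin are hypothetical names chosen for this sketch.
const MAX_OUTPUT_CHARS = 1 << 20; // assumed budget: 1 Mi UTF-16 code units

function boundedJoin(arr, sep = ",", budget = MAX_OUTPUT_CHARS) {
  const len = arr.length;
  if (len === 0) return "";

  // join() emits len - 1 separators even when every slot is a hole, so this
  // lower bound is known before touching a single element.
  const minChars = (len - 1) * sep.length;
  if (minChars > budget) {
    throw new RangeError(`join needs at least ${minChars} chars, budget is ${budget}`);
  }

  const seps = (n) => (sep.length === 0 ? "" : sep.repeat(n));
  let out = "";
  let prev = 0; // index of the last slot already written
  // Object.keys lists own array indices in ascending order, then other keys.
  // Assumption: a plain array with no indexed properties on its prototype.
  for (const key of Object.keys(arr)) {
    const i = Number(key);
    if (!Number.isInteger(i) || i < 0 || i >= len || String(i) !== key) continue;
    const v = arr[i];
    out += seps(i - prev) + (v === undefined || v === null ? "" : String(v));
    prev = i;
    // Count the separators still owed after index i against the budget too.
    if (out.length + (len - 1 - i) * sep.length > budget) {
      throw new RangeError(`joined output exceeds budget of ${budget} chars`);
    }
  }
  return out + seps(len - 1 - prev);
}

// Constructed sample input: 1000 slots, only two of them populated.
const sample = [];
sample.length = 1000;
sample[3] = "x";
sample[999] = "y";
console.log(boundedJoin(sample) === sample.join(",")); // same result as the built-in
```

With the default separator the length check alone rejects an array of length 0xffffffff; with an empty separator the lower bound is zero, so the loop over existing keys is what keeps the work proportional to the number of populated slots.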