Closed Bug 616465 Opened 14 years ago Closed 13 years ago

UnlinkFunctionBoxes crashes due to stack space exhaustion in debug build

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 501908

People

(Reporter: decoder, Assigned: jimb)

References

Details

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.12) Gecko/20101027 Ubuntu/10.10 (maverick) Firefox/3.6.12
Build Identifier: 

The following code causes too much recursion in UnlinkFunctionBoxes and crashes any debug build (both 1.9.2 and 2.0 branches). Doesn't affect normal builds though.

N=0xFFFE;
var long_eval = buildEval_r(0,N)
eval(long_eval);
function buildEval_r(beginLine,endLine) {
 count= endLine-beginLine;
 if(count==1)
        return "g.e.i";
 middle=beginLine+(count>>1);
 return buildEval_r(beginLine,middle)+buildEval_r(middle,endLine);
}

If this is intended behavior (due to some limit explicitly not being applied in debug mode), let me know :)

Reproducible: Always
Depends on: 501908
Still crashes on tip, but still only in debug mode.
Severity: normal → critical
Status: UNCONFIRMED → NEW
Ever confirmed: true
Someone want to take this?

/be
I'll take it.
Assignee: general → jimb
Seems already fixed now.

Changeset 60420:f1be82c29a1e: good
The first good revision is:
changeset:   60420:f1be82c29a1e
user:        Jim Blandy
date:        Fri Jan 14 18:09:09 2011 -0800
summary:     Bug 501908: Avoid O(n^2) behavior when recycling large trees. r=igor
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.