Closed Bug 616465 Opened 14 years ago Closed 14 years ago

UnlinkFunctionBoxes crashes due to stack space exhaustion in debug build

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 501908

People

(Reporter: decoder, Assigned: jimb)

References

Details

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.12) Gecko/20101027 Ubuntu/10.10 (maverick) Firefox/3.6.12 Build Identifier: The following code causes too much recursion in UnlinkFunctionBoxes and crashes any debug build (both 1.9.2 and 2.0 branches). Doesn't affect normal builds though. N=0xFFFE; var long_eval = buildEval_r(0,N) eval(long_eval); function buildEval_r(beginLine,endLine) { count= endLine-beginLine; if(count==1) return "g.e.i"; middle=beginLine+(count>>1); return buildEval_r(beginLine,middle)+buildEval_r(middle,endLine); } If this is intended behavior (due to some limit explicitly not being applied in debug mode), let me know :) Reproducible: Always
Depends on: 501908
Still crashes on tip, but still only in debug mode.
Severity: normal → critical
Status: UNCONFIRMED → NEW
Ever confirmed: true
Someone want to take this? /be
I'll take it.
Assignee: general → jimb
Seems already fixed now. Changeset 60420:f1be82c29a1e: good The first good revision is: changeset: 60420:f1be82c29a1e user: Jim Blandy date: Fri Jan 14 18:09:09 2011 -0800 summary: Bug 501908: Avoid O(n^2) behavior when recycling large trees. r=igor
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.