Closed Bug 877459 Opened 11 years ago Closed 10 years ago

YARR Crash [@ ~Vector] with OOM

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 990096

People

(Reporter: decoder, Unassigned)

Details

(Keywords: crash, testcase)

Crash Data

Attachments

(2 files)

[crash-signature] Machine-readable crash signature
805 bytes, text/plain
Details
stack
7.61 KB, text/plain
Details 
The following testcase crashes on mozilla-central revision 8d85de779506 (no options required):


oomAfterAllocations(10);
actual = /\ca/.test( "\\ca" );
actual = /\c[a/]/.test( "\x1ba/]" );
Yarr bugs may have to be reported upstream, see bug 808478.
Attached file stack 
Still occurs with 64-bit debug threadsafe shell on Mac m-c rev 9afe2a1145bd.
Jan, how should we move this forward?
Flags: needinfo?(jdemooij)
(In reply to Gary Kwong [:gkw] [:nth10sd] from comment #4)
> Jan, how should we move this forward?

Sorry for the delay. On m-i tip the code looks like this:

        if (!impl.append(static_cast<T>(u)))
            js::CrashAtUnhandlableOOM("Yarr");

And |hg annotate| points to bug 990096, so I'll mark this as dup.
Status: NEW → RESOLVED
Closed: 10 years ago
Flags: needinfo?(jdemooij)
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: