Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(136)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: test/mjsunit/regress/regress-670671.js

Issue 2555703003: [stubs] Add option to allow LO space allocation (Closed)
Patch Set: Address comments Created 4 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « src/runtime/runtime-internal.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright 2016 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 // Trigger an infinite loop through RegExp.prototype[@@match], which results
6 // in unbounded growth of the results array.
7
8 // Limit the number of iterations to avoid OOM while still triggering large
9 // object space allocation.
10 const min_ptr_size = 4;
11 const max_regular_heap_object_size = 507136;
12 const num_iterations = max_regular_heap_object_size / min_ptr_size;
13
14 let i = 0;
15
16 const re = /foo.bar/;
17 const RegExpPrototypeExec = RegExp.prototype.exec;
18 re.exec = (str) => {
19 return (i++ < num_iterations) ? RegExpPrototypeExec.call(re, str) : null;
20 };
21 re.__defineGetter__("global", () => true); // Triggers infinite loop.
22
23 "foo*bar".match(re); // Should not crash.
OLDNEW
« no previous file with comments | « src/runtime/runtime-internal.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698