v8 version: 9.6

Hi, I was able to reproduce a crash in the example shell and d8 with the
following script. Before, this could be caught by an OOM handler. Also, if I
set the heap size to be very small (e.g. 2MB), the OOM handler could still
work.

let a = [];
for (;;) a.push("test")

#
# Fatal error in ../../src/heap/factory-base.cc, line 77
# Fatal JavaScript invalid size error 169220804
#
#
#
#FailureMessage Object: 0x7ffe207e93b0
==== C stack trace ===============================

/v8/out.gn/x64.debug/libv8_libbase.so(v8::base::debug::StackTrace::StackTrace()+0x16) [0x7fa2f31944a6]
/v8/out.gn/x64.debug/libv8_libplatform.so(+0xfe9b) [0x7fa2f2f55e9b]
/v8/out.gn/x64.debug/libv8_libbase.so(V8_Fatal(char const*, int, char const*, ...)+0x170) [0x7fa2f31789a0]
/v8/out.gn/x64.debug/libv8.so(+0xf17863) [0x7fa2f42b7863]
/v8/out.gn/x64.debug/libv8.so(+0x11d9a30) [0x7fa2f4579a30]
/v8/out.gn/x64.debug/libv8.so(+0x11db385) [0x7fa2f457b385]
/v8/out.gn/x64.debug/libv8.so(+0x14932cd) [0x7fa2f48332cd]
/v8/out.gn/x64.debug/libv8.so(+0x1493914) [0x7fa2f4833914]
    [0x335c003705bf]
Trace/breakpoint trap (core dumped)

-- 
v8-users mailing list
v8-users@googlegroups.com
http://groups.google.com/group/v8-users
To view this discussion on the web visit 
https://groups.google.com/d/msgid/v8-users/86342567-3d76-4701-a1a0-9b7e2c3efc4dn%40googlegroups.com.
