
Re: More Browser on Macosx flaws: nested array sort() loop Stack overflow exception



On Fri, 26 Nov 2004 18:56:01 +0200, Alex R said:
> Anyone know why so many browsers are affected?

Well... let's look at it..

>     <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT>

That's the moral equivalent of:

main() { while (1) {malloc(lots);} }

and it's *tricky* to actually trap this one correctly.  The problem is
that when you do the new() that overflows the stack, you can probably
catch the error - but then you get to try to clean up the mess without
making any more function calls that grow the stack and/or malloc more.

Now consider that C++ seems to be the popular language for doing browsers -
and C++ has these things called constructors and destructors.... ;)

(Of course, the *other* possibility is to roll the stack back by hand to some
reasonable recovery point.  This is fun enough in C ('man longjmp' ;), and another
ugly mess for C++)....
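As an added illustration (not code from the thread or from any browser), here is the defensive shape the post is hinting at: a recursive walk over nested arrays that carries an explicit depth counter and bails out with an error code while there is still stack left for cleanup, instead of recursing until the native stack is gone. The `value` type, `walk`, `make_nested` and `check_depth` are assumed names for the example.

```c
/* Added example: depth-limited recursion over nested arrays.
 * All names here are assumptions for illustration. */
#include <stdlib.h>

enum { VAL_NUM = 0, VAL_ARRAY = 1 };
enum { WALK_OK = 0, WALK_TOO_DEEP = 1 };

typedef struct value {
    int kind;
    struct value *items;  /* valid when kind == VAL_ARRAY */
    size_t count;
} value;

#define MAX_DEPTH 1000

/* Recursive descent that refuses to go past MAX_DEPTH: the caller gets
 * WALK_TOO_DEEP back instead of a stack overflow it cannot recover from. */
static int walk(const value *v, size_t depth) {
    if (depth > MAX_DEPTH) return WALK_TOO_DEEP;
    if (v->kind != VAL_ARRAY) return WALK_OK;
    for (size_t i = 0; i < v->count; i++) {
        int rc = walk(&v->items[i], depth + 1);
        if (rc != WALK_OK) return rc;
    }
    return WALK_OK;
}

/* Iterative free for the single-element chains built by make_nested. */
static void free_nested(value *v) {
    while (v) {
        value *next = (v->kind == VAL_ARRAY) ? v->items : NULL;
        free(v);
        v = next;
    }
}

/* Build [[[...]]] of the given nesting depth without recursing,
 * mirroring the loop in the quoted snippet. Returns NULL on OOM. */
static value *make_nested(size_t depth) {
    value *v = calloc(1, sizeof *v);  /* innermost element: a plain number */
    if (!v) return NULL;
    for (size_t i = 0; i < depth; i++) {
        value *outer = calloc(1, sizeof *outer);
        if (!outer) { free_nested(v); return NULL; }
        outer->kind = VAL_ARRAY; outer->items = v; outer->count = 1;
        v = outer;
    }
    return v;
}

/* Returns WALK_OK, WALK_TOO_DEEP, or -1 if allocation failed. */
int check_depth(size_t depth) {
    value *v = make_nested(depth);
    if (!v) return -1;
    int rc = walk(v, 0);
    free_nested(v);
    return rc;
}
```

The same idea applies to the sort itself: an engine that sorts nested arrays recursively needs either an iterative implementation or a depth cap checked before each recursive call, not after the stack is already exhausted.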
