mirror of
https://github.com/tc39/test262.git
synced 2025-11-03 21:24:30 +01:00
7298a38552
sourceRevisionAtLastExport: 33f2fb0e53d135f0ee17cfccd9d993eb2a6f47de targetRevisionAtLastExport: 31340cbd9add103f586d501b0c3354b7b182abc0
24 lines
789 B
JavaScript
24 lines
789 B
JavaScript
// Copyright 2016 the V8 project authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
// Trigger an infinite loop through RegExp.prototype[@@match], which results
|
|
// in unbounded growth of the results array.
|
|
|
|
// Limit the number of iterations to avoid OOM while still triggering large
|
|
// object space allocation.
|
|
const min_ptr_size = 4;
|
|
const max_regular_heap_object_size = 507136;
|
|
const num_iterations = max_regular_heap_object_size / min_ptr_size;
|
|
|
|
const RegExpPrototypeExec = RegExp.prototype.exec;
|
|
|
|
let i = 0;
|
|
|
|
RegExp.prototype.__defineGetter__("global", () => true);
|
|
RegExp.prototype.exec = function(str) {
|
|
return (i++ < num_iterations) ? RegExpPrototypeExec.call(this, str) : null;
|
|
};
|
|
|
|
"a".match();
|