Priority: P1: Critical
Affects Version/s: 5.8.0, 5.9.1, 5.10.0 Beta 1, 5.10.0, 5.10.1
Fix Version/s: 5.9.5
Environment: 1) Linux pc 4.12.2-1-ARCH #1 SMP PREEMPT x86_64 GNU/Linux
2) Windows 10 x86_64 / Windows 7
3) Android 6.0 x86
4) Android 8.0 armeabi-v7a
A simple testcase (see below for a more complex one with smaller arrays and smaller expected memory consumption):
The `len` required to crash is dependent on the platform, e.g.
- On Android phone (Nexus 5x with Android 8), it's below 600000
- On my Linux setup, it's below 2100000
For comparison, Node.js/v8 memory consumption on this test with various lengths:
- 0 — 9 MiB (baseline)
- 600000 — 19 MiB
- 2100000 — 45 MiB
Allocating a single array is not the only way to reach the segfault, but that was the simplest testcase.
Here is a more complex one, involving smaller arrays and smaller expected memory consumption:
That also works in an asynchronous way:
On my Linux PC, it segfaults at about i~=30 (drifting a bit).