| <!doctype html> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| <script src="resources/stack-overflow.js"></script> |
| <script> |
| // Trigger the following crash: |
| |
| // #0 0x7ffff7d8092c base::debug::StackTrace::StackTrace() |
| // #1 0x7ffff7d80491 base::debug::(anonymous namespace)::StackDumpSignalHandler() |
| // #2 0x7ffff00130c0 <unknown> |
| // #3 0x7ffff41c113d v8::internal::GlobalHandles::MakeWeak() |
| // #4 0x7ffff308198e blink::ReadableStreamBytesConsumer::ReadableStreamBytesConsumer() |
| // #5 0x7ffff306bc6f blink::BodyStreamBuffer::ReleaseHandle() |
| // #6 0x7ffff306b883 blink::BodyStreamBuffer::StartLoading() |
| // #7 0x7ffff306914d blink::Body::blob() |
| // #8 0x7ffff37a9d20 blink::V8Response::blobMethodCallback() |
| // #9 0x7ffff3f02097 v8::internal::FunctionCallbackArguments::Call() |
| // #10 0x7ffff3f015a3 v8::internal::(anonymous namespace)::HandleApiCallHelper<>() |
| // #11 0x7ffff3f00ca6 v8::internal::Builtin_Impl_HandleApiCall() |
| |
| // This happens on Linux release build at 70ddf623, no DCHECK. It may be |
| // possible to reproduce in other environments by bisecting the second argument |
| // to fillStackAndRun() until you get the above crash. |
| |
| // See https://bugs.chromium.org/p/chromium/issues/detail?id=829790#c5 |
| |
| test(() => { |
| const rs = new ReadableStream(); |
| const response = new Response(rs); |
| try { |
| // This throws an exception in debug builds but not in release builds. |
| // If the process doesn't crash, the test passed. |
| fillStackAndRun(() => response.blob(), 784); |
| } catch (e) { |
| } |
| }, 'stack overflow in response.blob() should not crash the browser'); |
| </script> |
