Bug 211823

Summary: Exception check for OOM is a bit too late in JSBigInt::exponentiate.
Product: WebKit Reporter: Robin Morisset <rmorisset>
Component: JavaScriptCoreAssignee: Robin Morisset <rmorisset>
Status: RESOLVED FIXED    
Severity: Normal CC: ews-watchlist, keith_miller, mark.lam, msaboff, saam, tzagallo, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch none

Description Robin Morisset 2020-05-12 18:48:30 PDT 
10n**1000000n crashes instead of throwing an exception.
The cause is simple: we try to look at the result one line before verifying that the operation succeeded.
rdar://problem/63084376
Comment 1 Robin Morisset 2020-05-12 18:52:27 PDT 
Created attachment 399222 [details]
Patch
Comment 2 Mark Lam 2020-05-12 18:55:57 PDT 
Comment on attachment 399222 [details]
Patch

r=me
Comment 3 EWS 2020-05-12 20:09:54 PDT 
Committed r261596: <https://trac.webkit.org/changeset/261596>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 399222 [details].
Comment 4 Radar WebKit Bug Importer 2020-05-12 20:10:18 PDT 
<rdar://problem/63166523>