IE Reproducible Memory Issue: Corruption of Arrays Passed ToFunctions

#1 (**permalink**) 07-31-2009

Running the code below results in corruption of array memory. Tests
have resulted in corruption after anywhere between 50,000 and 150,000
calls to the passArray function. Calling passArray with 1 array
argument results in corruption too, but takes longer to reproduce than
if passing 100 array arguments.

<html>
<style>
table, th, td
{
border: 1px solid black;
padding: 5px;
}

table
{
width: 100%;
}

th, td
{
width: 50%;
}
</style>
<script>
var _attempts = 0;
var _corrupt = false;
var __x = [];

function testArray()
{
doPassArray();
document.getElementById("spanAttempts").innerHTML = ++_attempts;
if (_corrupt)
{
document.getElementById("tdResultCorrupt").innerHT ML =
__x.join("<br>");
__x = [];
doPassArray();
document.getElementById("tdResultNext").innerHTML = __x.join
("<br>");
}
else
{
if ((_attempts % 1000) == 0)
{
window.setTimeout("testArray()", 0);
}
else
{
testArray();
}
}
}

function doPassArray()
{
passArray(
["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
["aa", "bb"],
["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
["aa", "bb"],
["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
["aa", "bb"],
["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
["aa", "bb"],
["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
["aa", "bb"],
["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
["aa", "bb"],
["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
["aa", "bb"],
["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
["aa", "bb"],
["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
["aa", "bb"],
["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
["aa", "bb"]);
}

function passArray()
{
for (var indexArgument = 0; (indexArgument < arguments.length)
&& !_corrupt; indexArgument++)
{
for (var index = 0; index < arguments[indexArgument].length;
index++)
{
if (arguments[indexArgument][index] == undefined)
{
_corrupt = true;
break;
}
}
}
if (_corrupt)
{
for (var indexArgument = 0; indexArgument < arguments.length;
indexArgument++)
{
__x.push("argument " + indexArgument);
for (var item in arguments[indexArgument])
{
__x.push(item + ": " + arguments[indexArgument][item]);
}
__x.push("");
}
}
}
</script>
<body onload="testArray()">
Internet Explorer - Array Corruption Attempts ... <span
id="spanAttempts"></span><br>
<table>
<tr>
<th>Corrupt</th>
<th>Next (Back To Normal?)</th>
</tr>
<tr>
<td id="tdResultCorrupt"> </td>
<td id="tdResultNext"> </td>
</tr>
</table>
</body>
</html>

#2 (**permalink**) 07-31-2009

IE Developer Center
http://msdn.microsoft.com/en-us/ie/default.aspx

Learn IE8
http://msdn.microsoft.com/en-us/ie/aa740473.aspx

Or you could post here instead:

MSDN IE Development Forums
http://social.msdn.microsoft.com/for...iedevelopment/

Lolly Ink wrote:
> Running the code below results in corruption of array memory. Tests
> have resulted in corruption after anywhere between 50,000 and 150,000
> calls to the passArray function. Calling passArray with 1 array
> argument results in corruption too, but takes longer to reproduce than
> if passing 100 array arguments.
>
> <html>
> <style>
> table, th, td
> {
> border: 1px solid black;
> padding: 5px;
> }
>
> table
> {
> width: 100%;
> }
>
> th, td
> {
> width: 50%;
> }
> </style>
> <script>
> var _attempts = 0;
> var _corrupt = false;
> var __x = [];
>
> function testArray()
> {
> doPassArray();
> document.getElementById("spanAttempts").innerHTML = ++_attempts;
> if (_corrupt)
> {
> document.getElementById("tdResultCorrupt").innerHT ML =
> __x.join("<br>");
> __x = [];
> doPassArray();
> document.getElementById("tdResultNext").innerHTML = __x.join
> ("<br>");
> }
> else
> {
> if ((_attempts % 1000) == 0)
> {
> window.setTimeout("testArray()", 0);
> }
> else
> {
> testArray();
> }
> }
> }
>
> function doPassArray()
> {
> passArray(
> ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
> ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
> ["aa", "bb"],
> ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
> ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
> ["aa", "bb"],
> ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
> ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
> ["aa", "bb"],
> ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
> ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
> ["aa", "bb"],
> ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
> ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
> ["aa", "bb"],
> ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
> ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
> ["aa", "bb"],
> ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
> ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
> ["aa", "bb"],
> ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
> ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
> ["aa", "bb"],
> ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
> ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
> ["aa", "bb"],
> ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
> ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"], ["aa", "bb"],
> ["aa", "bb"]);
> }
>
> function passArray()
> {
> for (var indexArgument = 0; (indexArgument < arguments.length)
> && !_corrupt; indexArgument++)
> {
> for (var index = 0; index < arguments[indexArgument].length;
> index++)
> {
> if (arguments[indexArgument][index] == undefined)
> {
> _corrupt = true;
> break;
> }
> }
> }
> if (_corrupt)
> {
> for (var indexArgument = 0; indexArgument < arguments.length;
> indexArgument++)
> {
> __x.push("argument " + indexArgument);
> for (var item in arguments[indexArgument])
> {
> __x.push(item + ": " + arguments[indexArgument][item]);
> }
> __x.push("");
> }
> }
> }
> </script>
> <body onload="testArray()">
> Internet Explorer - Array Corruption Attempts ... <span
> id="spanAttempts"></span><br>
> <table>
> <tr>
> <th>Corrupt</th>
> <th>Next (Back To Normal?)</th>
> </tr>
> <tr>
> <td id="tdResultCorrupt"> </td>
> <td id="tdResultNext"> </td>
> </tr>
> </table>
> </body>
> </html>

IE Reproducible Memory Issue: Corruption of Arrays Passed ToFunctions

microsoft.public.internetexplorer.general