Interesting bug I found in Flash Player 11 today. It may be in other versions as well. I can instantly crash the Flash Player browser with one line of code. It throws no runtime errors and exits with just one message if you have debug traces enabled: “error: out of memory”.
Constructing a vector with a size of -1:
var vector:Vector.<int> = new Vector.<int>(-1);
And poof, your whole application gives up. Array at least throws runtime errors with “out of bounds”. How is this not caught? And could it lead to exploits, since it is unhandled?
Anyone else experience this?
I tested it in versions 11.4.31.110 and 11.2.202.235.
Probably because the constructor is expecting an unsigned int (only positive numbers).
Converting -1 to an unsigned int yields 4,294,967,295, which would make the out of memory error make more sense. Might make sense to submit a bug report. Otherwise, don’t do that 🙂
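The conversion described in the comment above, shown next to a length check that rejects the value before it reaches the allocator. This is an added example in C, not part of the original post or comment and not Flash Player's code; `as_uint32`, `vec_new`, `vec_status` and the `MAX_ELEMS` cap are hypothetical names chosen for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical upper bound for this example; not a Flash Player value. */
#define MAX_ELEMS (1u << 24)

/* What an unsigned 32-bit length parameter receives when handed a signed value. */
uint32_t as_uint32(int32_t n) {
    return (uint32_t)n; /* reduced modulo 2^32: -1 becomes 4294967295 */
}

typedef enum { VEC_OK, VEC_NEGATIVE, VEC_TOO_LARGE, VEC_NOMEM } vec_status;

/* Hypothetical checked constructor: validate the length while it is still
 * signed, bound the element count and the byte count, and only then allocate.
 * Every failure is reported to the caller instead of ending the process. */
vec_status vec_new(int64_t requested, size_t elem_size, void **out) {
    *out = NULL;
    if (requested < 0)
        return VEC_NEGATIVE;
    if ((uint64_t)requested > MAX_ELEMS)
        return VEC_TOO_LARGE;
    if (elem_size != 0 && (size_t)requested > SIZE_MAX / elem_size)
        return VEC_TOO_LARGE; /* count * elem_size would overflow size_t */
    /* Allocate at least one element so a zero length still yields a pointer. */
    *out = calloc(requested ? (size_t)requested : 1, elem_size);
    return *out ? VEC_OK : VEC_NOMEM;
}

int main(void) {
    void *p = NULL;
    printf("-1 as uint32:        %u\n", (unsigned)as_uint32(-1));
    printf("vec_new(-1):         %d\n", vec_new(-1, sizeof(int32_t), &p));
    printf("vec_new(4294967295): %d\n",
           vec_new((int64_t)as_uint32(-1), sizeof(int32_t), &p));
    printf("vec_new(8):          %d\n", vec_new(8, sizeof(int32_t), &p));
    free(p);
    return 0;
}
```

Checking the sign before the cast matters: once -1 has been converted, it is indistinguishable from a genuine request for 4,294,967,295 elements, so only the upper bound can stop it.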