157991 2016-05-23 10:31:09 -0700 String template don't handle let initialization properly inside eval 2016-05-23 13:26:26 -0700 1 1 1 Unclassified WebKit JavaScriptCore WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED P2 Normal --- 1 oliver saam commit-queue keith_miller mark.lam msaboff saam ysuzuki oldest_to_newest 1195518 0 oliver 2016-05-23 10:31:09 -0700 Insta crash: eval("let a=a``") I _think_ this code is syntactically correct, but * frame #0: 0x0000000000000000 frame #1: 0x00000001007de3fa JavaScriptCore`llint_entry + 23836 frame #2: 0x00000001007d84fb JavaScriptCore`vmEntryToJavaScript + 299 frame #3: 0x000000010064fafe JavaScriptCore`JSC::JITCode::execute(this=<unavailable>, vm=<unavailable>, protoCallFrame=<unavailable>) + 158 at JITCode.cpp:80 frame #4: 0x00000001005fee66 JavaScriptCore`JSC::Interpreter::execute(this=<unavailable>, eval=<unavailable>, callFrame=<unavailable>, thisValue=JSValue at 0x00007fff5fbfe2d0, scope=<unavailable>) + 1670 at Interpreter.cpp:1255 frame #5: 0x00000001005fe2d5 JavaScriptCore`JSC::eval(callFrame=<unavailable>) + 1669 at Interpreter.cpp:208 frame #6: 0x00000001007d610d JavaScriptCore`::llint_slow_path_call_eval(exec=0x00007fff5fbfeda0, pc=0x00000001029b6668) + 237 at LLIntSlowPaths.cpp:1377 frame #7: 0x00000001007deaf6 JavaScriptCore`llint_entry + 25624 frame #8: 0x00000001007d84fb JavaScriptCore`vmEntryToJavaScript + 299 frame #9: 0x000000010064fafe JavaScriptCore`JSC::JITCode::execute(this=<unavailable>, vm=<unavailable>, protoCallFrame=<unavailable>) + 158 at JITCode.cpp:80 frame #10: 0x0000000100603df6 JavaScriptCore`JSC::Interpreter::execute(this=<unavailable>, program=<unavailable>, callFrame=<unavailable>, thisObj=0x0000000106fabae0) + 15110 at Interpreter.cpp:960 frame #11: 0x00000001002575f7 JavaScriptCore`JSC::evaluate(exec=0x0000000106fdf940, source=0x00007fff5fbff8d0, thisValue=<unavailable>, returnedException=0x00007fff5fbff8f8) + 455 at Completion.cpp:107 frame #12: 0x000000010000448f jsc`runJSC(JSC::VM*, CommandLine) + 370 at jsc.cpp:2068 frame #13: 0x000000010000431d jsc`runJSC(vm=<unavailable>, options=CommandLine at 0x00007fff5fbffa40) + 4061 at jsc.cpp:2244 frame #14: 0x00000001000026cb jsc`jscmain(argc=<unavailable>, argv=<unavailable>) + 763 at jsc.cpp:2294 frame #15: 0x000000010000235a jsc`main(argc=1, argv=0x00007fff5fbffb48) + 154 at jsc.cpp:1947 frame #16: 0x00007fff8f46f5ad libdyld.dylib`start + 1 frame #17: 0x00007fff8f46f5ad libdyld.dylib`start + 1 1195535 1 279571 saam 2016-05-23 12:15:31 -0700 Created attachment 279571 patch 1195562 2 279571 commit-queue 2016-05-23 13:26:22 -0700 Comment on attachment 279571 patch Clearing flags on attachment: 279571 Committed r201293: <http://trac.webkit.org/changeset/201293> 1195563 3 commit-queue 2016-05-23 13:26:26 -0700 All reviewed patches have been landed. Closing bug. 279571 2016-05-23 12:15:31 -0700 2016-05-23 13:26:22 -0700 patch b-backup.diff text/plain 3447 saam SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gMjAxMjkwKQorKysgU291cmNl L0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDE4IEBA CisyMDE2LTA1LTIzICBTYWFtIGJhcmF0aSAgPHNiYXJhdGlAYXBwbGUuY29tPgorCisgICAgICAg IFN0cmluZyB0ZW1wbGF0ZSBkb24ndCBoYW5kbGUgbGV0IGluaXRpYWxpemF0aW9uIHByb3Blcmx5 IGluc2lkZSBldmFsCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNn aT9pZD0xNTc5OTEKKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAg ICAgICBUaGUgZml4IGlzIHRvIG1ha2Ugc3VyZSB3ZSBlbWl0IFREWiBjaGVja3MuIAorCisgICAg ICAgICogYnl0ZWNvbXBpbGVyL05vZGVzQ29kZWdlbi5jcHA6CisgICAgICAgIChKU0M6OlRhZ2dl ZFRlbXBsYXRlTm9kZTo6ZW1pdEJ5dGVjb2RlKToKKyAgICAgICAgKiB0ZXN0cy9zdHJlc3MvdGFn Z2VkLXRlbXBsYXRlLXRkei5qczogQWRkZWQuCisgICAgICAgIChzaG91bGRUaHJvd1REWik6Cisg ICAgICAgICh0ZXN0KToKKwogMjAxNi0wNS0yMiAgU2FhbSBiYXJhdGkgIDxzYmFyYXRpQGFwcGxl LmNvbT4KIAogICAgICAgICBVbnJldmlld2VkLiBGaXhlZCBkZWJ1ZyBhc3NlcnRpb24gZmFpbHVy ZXMgZnJvbSByMjAxMjM1LgpJbmRleDogU291cmNlL0phdmFTY3JpcHRDb3JlL2J5dGVjb21waWxl ci9Ob2Rlc0NvZGVnZW4uY3BwCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9i eXRlY29tcGlsZXIvTm9kZXNDb2RlZ2VuLmNwcAkocmV2aXNpb24gMjAxMjkwKQorKysgU291cmNl L0phdmFTY3JpcHRDb3JlL2J5dGVjb21waWxlci9Ob2Rlc0NvZGVnZW4uY3BwCSh3b3JraW5nIGNv cHkpCkBAIC0yOTIsOSArMjkyLDEwIEBAIFJlZ2lzdGVySUQqIFRhZ2dlZFRlbXBsYXRlTm9kZTo6 ZW1pdEJ5dGUKICAgICAgICAgZXhwZWN0ZWRGdW5jdGlvbiA9IGdlbmVyYXRvci5leHBlY3RlZEZ1 bmN0aW9uRm9ySWRlbnRpZmllcihpZGVudGlmaWVyKTsKIAogICAgICAgICBWYXJpYWJsZSB2YXIg PSBnZW5lcmF0b3IudmFyaWFibGUoaWRlbnRpZmllcik7Ci0gICAgICAgIGlmIChSZWdpc3RlcklE KiBsb2NhbCA9IHZhci5sb2NhbCgpKQorICAgICAgICBpZiAoUmVnaXN0ZXJJRCogbG9jYWwgPSB2 YXIubG9jYWwoKSkgeworICAgICAgICAgICAgZ2VuZXJhdG9yLmVtaXRURFpDaGVja0lmTmVjZXNz YXJ5KHZhciwgbG9jYWwsIG51bGxwdHIpOwogICAgICAgICAgICAgdGFnID0gZ2VuZXJhdG9yLmVt aXRNb3ZlKGdlbmVyYXRvci5uZXdUZW1wb3JhcnkoKSwgbG9jYWwpOwotICAgICAgICBlbHNlIHsK KyAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgIHRhZyA9IGdlbmVyYXRvci5uZXdUZW1wb3Jh cnkoKTsKICAgICAgICAgICAgIGJhc2UgPSBnZW5lcmF0b3IubmV3VGVtcG9yYXJ5KCk7CiAKQEAg LTMwMiw2ICszMDMsNyBAQCBSZWdpc3RlcklEKiBUYWdnZWRUZW1wbGF0ZU5vZGU6OmVtaXRCeXRl CiAgICAgICAgICAgICBnZW5lcmF0b3IuZW1pdEV4cHJlc3Npb25JbmZvKG5ld0Rpdm90LCBkaXZv dFN0YXJ0KCksIG5ld0Rpdm90KTsKICAgICAgICAgICAgIGdlbmVyYXRvci5tb3ZlVG9EZXN0aW5h dGlvbklmTmVlZGVkKGJhc2UuZ2V0KCksIGdlbmVyYXRvci5lbWl0UmVzb2x2ZVNjb3BlKGJhc2Uu Z2V0KCksIHZhcikpOwogICAgICAgICAgICAgZ2VuZXJhdG9yLmVtaXRHZXRGcm9tU2NvcGUodGFn LmdldCgpLCBiYXNlLmdldCgpLCB2YXIsIFRocm93SWZOb3RGb3VuZCk7CisgICAgICAgICAgICBn ZW5lcmF0b3IuZW1pdFREWkNoZWNrSWZOZWNlc3NhcnkodmFyLCB0YWcuZ2V0KCksIG51bGxwdHIp OwogICAgICAgICB9CiAgICAgfSBlbHNlIGlmIChtX3RhZy0+aXNCcmFja2V0QWNjZXNzb3JOb2Rl KCkpIHsKICAgICAgICAgQnJhY2tldEFjY2Vzc29yTm9kZSogYnJhY2tldCA9IHN0YXRpY19jYXN0 PEJyYWNrZXRBY2Nlc3Nvck5vZGUqPihtX3RhZyk7CkluZGV4OiBTb3VyY2UvSmF2YVNjcmlwdENv cmUvdGVzdHMvc3RyZXNzL3RhZ2dlZC10ZW1wbGF0ZS10ZHouanMKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL3Rlc3RzL3N0cmVzcy90YWdnZWQtdGVtcGxhdGUtdGR6LmpzCShu b25leGlzdGVudCkKKysrIFNvdXJjZS9KYXZhU2NyaXB0Q29yZS90ZXN0cy9zdHJlc3MvdGFnZ2Vk LXRlbXBsYXRlLXRkei5qcwkod29ya2luZyBjb3B5KQpAQCAtMCwwICsxLDUxIEBACitmdW5jdGlv biBzaG91bGRUaHJvd1REWihmdW5jKSB7CisgICAgbGV0IGhhc1Rocm93biA9IGZhbHNlOworICAg IHRyeSB7CisgICAgICAgIGZ1bmMoKTsKKyAgICB9IGNhdGNoKGUpIHsKKyAgICAgICAgaWYgKGUu bmFtZS5pbmRleE9mKCJSZWZlcmVuY2VFcnJvciIpICE9PSAtMSkKKyAgICAgICAgICAgIGhhc1Ro cm93biA9IHRydWU7CisgICAgfQorICAgIGlmICghaGFzVGhyb3duKQorICAgICAgICB0aHJvdyBu ZXcgRXJyb3IoIkRpZCBub3QgdGhyb3cgVERaIGVycm9yIik7Cit9Citub0lubGluZShzaG91bGRU aHJvd1REWik7CisKK2Z1bmN0aW9uIHRlc3QoZikgeworICAgIGZvciAobGV0IGkgPSAwOyBpIDwg MTAwMDsgaSsrKQorICAgICAgICBmKCk7Cit9CisKK3Rlc3QoZnVuY3Rpb24oKSB7CisgICAgc2hv dWxkVGhyb3dURFooZnVuY3Rpb24oKSB7CisgICAgICAgIChhKWBgOworICAgICAgICBsZXQgYTsK KyAgICB9KTsKK30pOworCit0ZXN0KGZ1bmN0aW9uKCkgeworICAgIHNob3VsZFRocm93VERaKGZ1 bmN0aW9uKCkgeworICAgICAgICAoYSlgYDsKKyAgICAgICAgbGV0IGE7CisgICAgICAgIGZ1bmN0 aW9uIGNhcHR1cmUoKSB7IHJldHVybiBhOyB9CisgICAgfSk7Cit9KTsKKwordGVzdChmdW5jdGlv bigpIHsKKyAgICBzaG91bGRUaHJvd1REWigoKT0+IHsgKGEpYGA7IH0pOworICAgIGxldCBhOwor fSk7CisKK3Rlc3QoZnVuY3Rpb24oKSB7CisgICAgc2hvdWxkVGhyb3dURFooKCk9PiB7IGV2YWwo IihhKWBgIik7IH0pOworICAgIGxldCBhOworfSk7CisKKwordGVzdChmdW5jdGlvbigpIHsKKyAg ICBzaG91bGRUaHJvd1REWigoKT0+IHsgKGdsb2JhbExldClgYDsgfSk7Cit9KTsKK3Rlc3QoZnVu Y3Rpb24oKSB7CisgICAgc2hvdWxkVGhyb3dURFooKCk9PiB7IGV2YWwoIihnbG9iYWxMZXQpYGA7 Iil9KTsKK30pOworbGV0IGdsb2JhbExldDsK