254574 2023-03-28 00:02:35 -0700 [JSC ] Segmentation fault in JSC 2023-04-20 11:34:21 -0700 1 1 1 Unclassified WebKit JavaScriptCore WebKit Local Build PC Linux RESOLVED FIXED InRadar P2 Normal --- 1 xiangwei1895 yijia_huang webkit-bug-importer yijia_huang oldest_to_newest 1944514 0 xiangwei1895 2023-03-28 00:02:35 -0700 ## JavaScriptCore Version b2362a5d6b0dcee521bbc38c226ea2216e2422e7 ## Build Ubuntu 20.04.2 LTS (Linux 5.15.0-67-generic x86_64) ./Tools/Scripts/build-jsc --jsc-only --debug --cmakeargs="-DENABLE_STATIC_JSC=ON -DCMAKE_CXX_FLAGS='-fsanitize=address -g'" --build-dir=ASAN ## Testcase and Execution steps ``` "use strict"; function bar(x, y){ function auxBar(a, b) { if(a == 0)b+=','; return auxBar(b-1,a,43); } return auxBar(x, y); } bar(10, 10); ``` ./bin/jsc testcase.js ## Output Segmentation fault (core dumped) ## Backtrace AddressSanitizer:DEADLYSIGNAL ================================================================= ==187557==ERROR: AddressSanitizer: SEGV on unknown address 0x00000000002a (pc 0x7f7f3b084044 bp 0x7ffe61a8f270 sp 0x7ffe61a8f1e8 T0) ==187557==The signal is caused by a READ memory access. ==187557==Hint: address points to the zero page. #0 0x7f7f3b084043 (<unknown module>) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV (<unknown module>) ==187557==ABORTING 1946451 1 webkit-bug-importer 2023-04-04 00:03:15 -0700 <rdar://problem/107598022> 1949913 2 yijia_huang 2023-04-19 17:21:50 -0700 *** Bug 255694 has been marked as a duplicate of this bug. *** 1949914 3 yijia_huang 2023-04-19 17:25:22 -0700 Pull request: https://github.com/WebKit/WebKit/pull/12949 1950125 4 ews-feeder 2023-04-20 11:34:19 -0700 Committed 263183@main (a75b74fc83c0): <https://commits.webkit.org/263183@main> Reviewed commits have been landed. Closing PR #12949 and removing active labels.