255582 2023-04-18 00:05:08 -0700 [JSC ] Segmentation fault in latest JSC 2023-04-24 08:51:54 -0700 1 1 1 Unclassified WebKit JavaScriptCore WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 xiangwei1895 tzagallo mark.lam webkit-bug-importer ysuzuki oldest_to_newest 1949385 0 xiangwei1895 2023-04-18 00:05:08 -0700 ## JavaScriptCore Version 0fb46c57f3e30f8f3c95e2be03fc3078e671fa9a ## Testcase and Execution steps ``` function f0() { try { eval(`anything()`); } catch (error) { f0.bind()(error); } } function f1() { f0(); f1(); } while (true) { f1(); } ``` ./bin/jsc testcase.js ## Output Segmentation fault (core dumped) ## Backtrace AddressSanitizer:DEADLYSIGNAL ================================================================= ==16740==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000005 (pc 0x7f5686f401d8 bp 0x7ffcc41208f0 sp 0x7ffcc4120850 T0) ==16740==The signal is caused by a READ memory access. ==16740==Hint: address points to the zero page. #0 0x7f5686f401d8 (<unknown module>) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV (<unknown module>) ==16740==ABORTING 1949458 1 webkit-bug-importer 2023-04-18 07:34:54 -0700 <rdar://problem/108199593> 1950747 2 tzagallo 2023-04-24 05:36:01 -0700 Pull request: https://github.com/WebKit/WebKit/pull/13099 1950774 3 ews-feeder 2023-04-24 08:51:51 -0700 Committed 263312@main (0eef1c81db08): <https://commits.webkit.org/263312@main> Reviewed commits have been landed. Closing PR #13099 and removing active labels.