Bug 254574

Summary: [JSC ] Segmentation fault in JSC
Product: WebKit Reporter: xiangwei1895
Component: JavaScriptCoreAssignee: Yijia Huang <yijia_huang>
Status: RESOLVED FIXED    
Severity: Normal CC: webkit-bug-importer, yijia_huang
Priority: P2 Keywords: InRadar
Version: WebKit Local Build   
Hardware: PC   
OS: Linux   

Description xiangwei1895 2023-03-28 00:02:35 PDT 
## JavaScriptCore Version
b2362a5d6b0dcee521bbc38c226ea2216e2422e7

## Build 
Ubuntu 20.04.2 LTS (Linux 5.15.0-67-generic x86_64)

./Tools/Scripts/build-jsc --jsc-only --debug --cmakeargs="-DENABLE_STATIC_JSC=ON -DCMAKE_CXX_FLAGS='-fsanitize=address -g'" --build-dir=ASAN

## Testcase and  Execution steps
```
"use strict";

function bar(x, y){
    function auxBar(a, b) {
        if(a == 0)b+=',';
        return auxBar(b-1,a,43);
    }
    return auxBar(x, y);
}

bar(10, 10);
```
./bin/jsc  testcase.js

## Output
Segmentation fault (core dumped)

## Backtrace
AddressSanitizer:DEADLYSIGNAL
=================================================================
==187557==ERROR: AddressSanitizer: SEGV on unknown address 0x00000000002a (pc 0x7f7f3b084044 bp 0x7ffe61a8f270 sp 0x7ffe61a8f1e8 T0)
==187557==The signal is caused by a READ memory access.
==187557==Hint: address points to the zero page.
    #0 0x7f7f3b084043  (<unknown module>)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (<unknown module>) 
==187557==ABORTING
Comment 1 Radar WebKit Bug Importer 2023-04-04 00:03:15 PDT 
<rdar://problem/107598022>
Comment 2 Yijia Huang 2023-04-19 17:21:50 PDT 
*** Bug 255694 has been marked as a duplicate of this bug. ***
Comment 3 Yijia Huang 2023-04-19 17:25:22 PDT 
Pull request: https://github.com/WebKit/WebKit/pull/12949
Comment 4 EWS 2023-04-20 11:34:19 PDT 
Committed 263183@main (a75b74fc83c0): <https://commits.webkit.org/263183@main>

Reviewed commits have been landed. Closing PR #12949 and removing active labels.