Bug 254574

Summary: [JSC ] Segmentation fault in JSC
Product: WebKit Reporter: xiangwei1895
Component: JavaScriptCoreAssignee: Yijia Huang <yijia_huang>
Status: RESOLVED FIXED    
Severity: Normal CC: webkit-bug-importer, yijia_huang
Priority: P2 Keywords: InRadar
Version: WebKit Local Build   
Hardware: PC   
OS: Linux   

xiangwei1895
Reported 2023-03-28 00:02:35 PDT
## JavaScriptCore Version b2362a5d6b0dcee521bbc38c226ea2216e2422e7 ## Build Ubuntu 20.04.2 LTS (Linux 5.15.0-67-generic x86_64) ./Tools/Scripts/build-jsc --jsc-only --debug --cmakeargs="-DENABLE_STATIC_JSC=ON -DCMAKE_CXX_FLAGS='-fsanitize=address -g'" --build-dir=ASAN ## Testcase and Execution steps ``` "use strict"; function bar(x, y){ function auxBar(a, b) { if(a == 0)b+=','; return auxBar(b-1,a,43); } return auxBar(x, y); } bar(10, 10); ``` ./bin/jsc testcase.js ## Output Segmentation fault (core dumped) ## Backtrace AddressSanitizer:DEADLYSIGNAL ================================================================= ==187557==ERROR: AddressSanitizer: SEGV on unknown address 0x00000000002a (pc 0x7f7f3b084044 bp 0x7ffe61a8f270 sp 0x7ffe61a8f1e8 T0) ==187557==The signal is caused by a READ memory access. ==187557==Hint: address points to the zero page. #0 0x7f7f3b084043 (<unknown module>) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV (<unknown module>) ==187557==ABORTING
Attachments
Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2023-04-04 00:03:15 PDT
<rdar://problem/107598022>
Yijia Huang
Comment 2 2023-04-19 17:21:50 PDT
*** Bug 255694 has been marked as a duplicate of this bug. ***
Yijia Huang
Comment 3 2023-04-19 17:25:22 PDT
Pull request: https://github.com/WebKit/WebKit/pull/12949
EWS
Comment 4 2023-04-20 11:34:19 PDT
Committed 263183@main (a75b74fc83c0): <https://commits.webkit.org/263183@main> Reviewed commits have been landed. Closing PR #12949 and removing active labels.
Note You need to log in before you can comment on or make changes to this bug.