Bug 255582

Summary: [JSC ] Segmentation fault in latest JSC
Product: WebKit Reporter: xiangwei1895
Component: JavaScriptCoreAssignee: Tadeu Zagallo <tzagallo>
Status: RESOLVED FIXED    
Severity: Normal CC: mark.lam, webkit-bug-importer, ysuzuki
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   

Description xiangwei1895 2023-04-18 00:05:08 PDT 
## JavaScriptCore Version
0fb46c57f3e30f8f3c95e2be03fc3078e671fa9a

## Testcase and  Execution steps
```
function f0() {
    try {
        eval(`anything()`);
    } catch (error) {
        f0.bind()(error);
    }
}
function f1() {
    f0();
    f1();
}
while (true) {
    f1();
}
```
./bin/jsc  testcase.js

## Output
Segmentation fault (core dumped)

## Backtrace
AddressSanitizer:DEADLYSIGNAL
=================================================================
==16740==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000005 (pc 0x7f5686f401d8 bp 0x7ffcc41208f0 sp 0x7ffcc4120850 T0)
==16740==The signal is caused by a READ memory access.
==16740==Hint: address points to the zero page.
    #0 0x7f5686f401d8  (<unknown module>)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (<unknown module>) 
==16740==ABORTING
Comment 1 Radar WebKit Bug Importer 2023-04-18 07:34:54 PDT 
<rdar://problem/108199593>
Comment 2 Tadeu Zagallo 2023-04-24 05:36:01 PDT 
Pull request: https://github.com/WebKit/WebKit/pull/13099
Comment 3 EWS 2023-04-24 08:51:51 PDT 
Committed 263312@main (0eef1c81db08): <https://commits.webkit.org/263312@main>

Reviewed commits have been landed. Closing PR #13099 and removing active labels.