Bug 255582

Summary:	[JSC ] Segmentation fault in latest JSC
Product:	WebKit	Reporter:	xiangwei1895
Component:	JavaScriptCore	Assignee:	Tadeu Zagallo <tzagallo>
Status:	RESOLVED FIXED
Severity:	Normal	CC:	mark.lam, webkit-bug-importer, ysuzuki
Priority:	P2	Keywords:	InRadar
Version:	WebKit Nightly Build
Hardware:	Unspecified
OS:	Unspecified

xiangwei1895

Reported 2023-04-18 00:05:08 PDT

## JavaScriptCore Version 0fb46c57f3e30f8f3c95e2be03fc3078e671fa9a ## Testcase and Execution steps ``` function f0() { try { eval(`anything()`); } catch (error) { f0.bind()(error); } } function f1() { f0(); f1(); } while (true) { f1(); } ``` ./bin/jsc testcase.js ## Output Segmentation fault (core dumped) ## Backtrace AddressSanitizer:DEADLYSIGNAL ================================================================= ==16740==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000005 (pc 0x7f5686f401d8 bp 0x7ffcc41208f0 sp 0x7ffcc4120850 T0) ==16740==The signal is caused by a READ memory access. ==16740==Hint: address points to the zero page. #0 0x7f5686f401d8 (<unknown module>) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV (<unknown module>) ==16740==ABORTING

Attachments
Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2023-04-18 07:34:54 PDT

<rdar://problem/108199593>

Tadeu Zagallo

Comment 2 2023-04-24 05:36:01 PDT

Pull request: https://github.com/WebKit/WebKit/pull/13099

EWS

Comment 3 2023-04-24 08:51:51 PDT

Committed 263312@main (0eef1c81db08): <https://commits.webkit.org/263312@main> Reviewed commits have been landed. Closing PR #13099 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.