Bug 283795

Hello, I found a crash in JavaScriptCore Lexer. The Poc is below: ==============Poc.js============== 000 class C { static h; } ================================ I compiled JavaScriptCore(commit id: 2cba369d0b95a5e3a07452103efbb20d16ca3de0) in Debug mode. When run Poc.js, JSC crashed as below. ASSERTION FAILED: !m_error WebKit-https/WebKit_validate/Source/JavaScriptCore/parser/Lexer.cpp(1909) : JSC::JSTokenType JSC::Lexer<char16_t>::lexWithoutClearingLineTerminator(JSC::JSToken *, OptionSet<JSC::LexerFlags>, bool) [T = char16_t] 1 0x7f6ae49f2812 WebKit-https/WebKit_validate/cmake-build-debug/lib/libJavaScriptCore.so.1(+0x1107812) [0x7f6ae49f2812] 2 0x7f6ae493488f WebKit-https/WebKit_validate/cmake-build-debug/lib/libJavaScriptCore.so.1(+0x104988f) [0x7f6ae493488f] 3 0x7f6ae3e83a7d WebKit-https/WebKit_validate/cmake-build-debug/lib/libJavaScriptCore.so.1(+0x598a7d) [0x7f6ae3e83a7d] 4 0x7f6ae3e82cdd WebKit-https/WebKit_validate/cmake-build-debug/lib/libJavaScriptCore.so.1(+0x597cdd) [0x7f6ae3e82cdd] 5 0x7f6ae3e80af0 WebKit-https/WebKit_validate/cmake-build-debug/lib/libJavaScriptCore.so.1(+0x595af0) [0x7f6ae3e80af0] 6 0x7f6ae4e4b442 WebKit-https/WebKit_validate/cmake-build-debug/lib/libJavaScriptCore.so.1(+0x1560442) [0x7f6ae4e4b442] 7 0x7f6ae4e4ca0f WebKit-https/WebKit_validate/cmake-build-debug/lib/libJavaScriptCore.so.1(+0x1561a0f) [0x7f6ae4e4ca0f] 8 0x7f6ae4867eab WebKit-https/WebKit_validate/cmake-build-debug/lib/libJavaScriptCore.so.1(+0xf7ceab) [0x7f6ae4867eab] 9 0x7f6ae48679ff WebKit-https/WebKit_validate/cmake-build-debug/lib/libJavaScriptCore.so.1(+0xf7c9ff) [0x7f6ae48679ff] 10 0x7f6a9673c017 [0x7f6a9673c017] Decimal integer literals with leading zero are forbidden in strct mode, but lexer can still invoke next() function in consume() and trigger the assertion in lexWithoutClearingLineTerminator.