Bug 164119 - SEGFAULT in JSC::BuiltinExecutables / WTFCrash
Status: RESOLVED INVALID
https://bugs.webkit.org/show_bug.cgi?id=164119
Kamil Frankowicz
Reported 2016-10-28 03:39:05 PDT
Created attachment 293136 [details]
POC to trigger SEGFAULT (jsc)

Affected SVN revision: 208042

To reproduce the problem:
./jsc webkit_jsc_wtfcrash.js

ASAN Output:
1 0x7fe4d18f3937 WTFCrash
2 0x7fe4d00ae6a9 JSC::BuiltinExecutables::createExecutable(JSC::VM&, JSC::SourceCode const&, JSC::Identifier const&, JSC::ConstructorKind, JSC::ConstructAbility)
3 0x51ff31
4 0x7fe488dfe028
ASAN:DEADLYSIGNAL
=================================================================
==16722==ERROR: AddressSanitizer: SEGV on unknown address 0x0000977537dd (pc 0x7fe4d18f3937 bp 0x000000000000 sp 0x7fff81df6b80 T0)
==16722==The signal is caused by a READ memory access.
    #0 0x7fe4d18f3936 in WTFCrash XYZ/webkit/Source/WTF/wtf/Assertions.cpp:322:5
    #1 0x7fe4d00ae6a8 in JSC::BuiltinExecutables::createExecutable(JSC::VM&, JSC::SourceCode const&, JSC::Identifier const&, JSC::ConstructorKind, JSC::ConstructAbility) XYZ/webkit/Source/JavaScriptCore/builtins/BuiltinExecutables.cpp:92:5
    #2 0x51ff30 in functionCreateBuiltin(JSC::ExecState*) XYZ/webkit/Source/JavaScriptCore/jsc.cpp:2260:62
    #3 0x7fe488dfe027 (<unknown module>)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV XYZ/webkit/Source/WTF/wtf/Assertions.cpp:322:5 in WTFCrash
==16722==ABORTING

Regards,
Kamil Frankowicz
Attachments
POC to trigger SEGFAULT (jsc) (23 bytes, application/javascript)
2016-10-28 03:39 PDT, Kamil Frankowicz
no flags
Yusuke Suzuki
Comment 1 2016-10-29 22:54:16 PDT
That is OK since these functions are used just for testing purposes in the JSC shell. Builtin code is supposed to always parse correctly since it is included in JSC :)
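The resolution above turns on one triage detail: frame #0 of the ASAN report is WTFCrash, WebKit's deliberate crash sink, and the frame below it is an assertion in JSC::BuiltinExecutables::createExecutable reached through the jsc-shell-only createBuiltin test hook, so the SEGV is an assertion failure, not a memory-safety fault. The script below is an added triage example (not part of the bug report and not WebKit code) that parses an ASAN report, skips known deliberate-crash helpers to find the frame that actually asserted or faulted, and labels the report accordingly. The list of crash-helper function names, the regular expressions, and the second heap-overflow sample report are assumptions constructed for this example; the first sample is the report quoted in the bug, trimmed to the ASAN block.

```python
"""Triage helper: is an ASAN SEGV a deliberate crash (assertion) or a real fault?
Added example for bug 164119; not WebKit code.  Run: python3 asan_triage.py
"""
import re
from typing import Dict, List, Optional

# Functions that crash the process on purpose.  WTFCrash is WebKit's assertion
# sink (Source/WTF/wtf/Assertions.cpp); the others are common libc equivalents.
# Which names belong here is an assumption of this example, not a WebKit rule.
DELIBERATE_CRASH_FUNCS = {"WTFCrash", "abort", "__assert_fail", "raise", "__GI_raise"}

ERROR_RE = re.compile(r"ERROR: AddressSanitizer: (\S+)")
ADDR_RE = re.compile(r" on (?:unknown )?address (0x[0-9a-f]+)")
# "#N 0xADDR in FUNCTION FILE:LINE[:COL]"; FUNCTION may contain spaces (C++ params).
FRAME_RE = re.compile(
    r"^\s*#(\d+)\s+0x[0-9a-f]+\s+in\s+(.+?)\s+([^\s:]+):(\d+)(?::\d+)?\s*$"
)

# ASAN block copied from the bug report above (paths abbreviated as in the original).
ASAN_REPORT = """\
==16722==ERROR: AddressSanitizer: SEGV on unknown address 0x0000977537dd (pc 0x7fe4d18f3937 bp 0x000000000000 sp 0x7fff81df6b80 T0)
==16722==The signal is caused by a READ memory access.
    #0 0x7fe4d18f3936 in WTFCrash XYZ/webkit/Source/WTF/wtf/Assertions.cpp:322:5
    #1 0x7fe4d00ae6a8 in JSC::BuiltinExecutables::createExecutable(JSC::VM&, JSC::SourceCode const&, JSC::Identifier const&, JSC::ConstructorKind, JSC::ConstructAbility) XYZ/webkit/Source/JavaScriptCore/builtins/BuiltinExecutables.cpp:92:5
    #2 0x51ff30 in functionCreateBuiltin(JSC::ExecState*) XYZ/webkit/Source/JavaScriptCore/jsc.cpp:2260:62
    #3 0x7fe488dfe027 (<unknown module>)
SUMMARY: AddressSanitizer: SEGV XYZ/webkit/Source/WTF/wtf/Assertions.cpp:322:5 in WTFCrash
"""

# Constructed contrast case (not from the bug): a genuine heap overflow.
HEAP_OVERFLOW_REPORT = """\
==4242==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000014 at pc 0x0000004f1c2e bp 0x7ffd0a0b1c10 sp 0x7ffd0a0b1c08
READ of size 4 at 0x602000000014 thread T0
    #0 0x4f1c2d in readItem(int*, unsigned long) example.cpp:12:10
    #1 0x4f1d4a in main example.cpp:20:5
SUMMARY: AddressSanitizer: heap-buffer-overflow example.cpp:12:10 in readItem(int*, unsigned long)
"""


def parse_asan_report(text: str) -> Dict:
    """Extract error type, faulting address and the symbolised frames."""
    m = ERROR_RE.search(text)
    a = ADDR_RE.search(text)
    frames: List[Dict] = []
    for line in text.splitlines():
        fm = FRAME_RE.match(line)
        if not fm:  # e.g. "#3 0x... (<unknown module>)": unsymbolised, skip it
            continue
        func = fm.group(2)
        frames.append({
            "index": int(fm.group(1)),
            "function": func,
            "name": func.split("(", 1)[0],  # drop the C++ parameter list
            "file": fm.group(3),
            "line": int(fm.group(4)),
        })
    return {"error": m.group(1) if m else "unknown",
            "address": a.group(1) if a else None,
            "frames": frames}


def _is_crash_helper(frame: Dict) -> bool:
    # Compare on the unqualified name so "ns::abort" and "abort" both match.
    return frame["name"].rsplit("::", 1)[-1] in DELIBERATE_CRASH_FUNCS


def classify(report: Dict) -> Dict:
    """The first frame that is not a crash helper is the code that asserted or faulted."""
    frames = report["frames"]
    culprit: Optional[Dict] = next((f for f in frames if not _is_crash_helper(f)), None)
    if frames and _is_crash_helper(frames[0]):
        kind = "deliberate-crash"  # ASSERT/RELEASE_ASSERT path, not a memory error
    else:
        kind = report["error"]     # SEGV, heap-buffer-overflow, heap-use-after-free, ...
    return {"kind": kind, "culprit": culprit}


def triage(text: str) -> Dict:
    return classify(parse_asan_report(text))


if __name__ == "__main__":
    for label, rep in (("bug 164119", ASAN_REPORT), ("constructed", HEAP_OVERFLOW_REPORT)):
        v = triage(rep)
        c = v["culprit"]
        where = f"{c['name']} at {c['file']}:{c['line']}" if c else "unknown"
        print(f"{label}: {v['kind']} in {where}")
```

On the report from this bug the script reports a deliberate crash whose culprit is JSC::BuiltinExecutables::createExecutable at BuiltinExecutables.cpp:92, which is the same reasoning as the INVALID resolution: an assertion fired on a jsc-shell test hook. On the constructed heap-overflow report it passes the ASAN error type through and points at readItem, the frame a fuzzing pipeline would actually want to investigate.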