RESOLVED FIXED 197749
parseStatementListItem needs a stack overflow check 
https://bugs.webkit.org/show_bug.cgi?id=197749
Summary parseStatementListItem needs a stack overflow check
Keith Miller
Reported 2019-05-09 12:00:55 PDT
parseStatementListItem needs a stack overflow check
Attachments
Patch (2.82 KB, patch)
2019-05-09 12:02 PDT, Keith Miller 		no flags
DetailsFormatted DiffDiff
Patch (2.85 KB, patch)
2019-05-09 12:03 PDT, Keith Miller 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Keith Miller
Comment 1 2019-05-09 12:02:18 PDT
Created attachment 369506 [details] Patch
Keith Miller
Comment 2 2019-05-09 12:03:09 PDT
Created attachment 369507 [details] Patch
Keith Miller
Comment 3 2019-05-09 12:03:34 PDT
rdar://problem/50302697
Yusuke Suzuki
Comment 4 2019-05-09 12:05:07 PDT
Comment on attachment 369507 [details] Patch r=me too :)
WebKit Commit Bot
Comment 5 2019-05-09 12:40:54 PDT
Comment on attachment 369507 [details] Patch Clearing flags on attachment: 369507 Committed r245152: <https://trac.webkit.org/changeset/245152>
WebKit Commit Bot
Comment 6 2019-05-09 12:40:55 PDT
All reviewed patches have been landed. Closing bug.
Ryan Haddad
Comment 7 2019-05-09 15:40:39 PDT
stress/many-nested-functions-parser-stack-overflow.js is failing on the release JSC bot: https://build.webkit.org/builders/Apple%20High%20Sierra%20Release%20JSC%20(Tests)/builds/9309/steps/jscore-test/logs/stdio
Ryan Haddad
Comment 8 2019-05-09 15:49:52 PDT
It looks like jsc-ews saw the same: ** The following JSC stress test failures have been introduced: stress/many-nested-functions-parser-stack-overflow.js.bytecode-cache stress/many-nested-functions-parser-stack-overflow.js.default stress/many-nested-functions-parser-stack-overflow.js.dfg-eager stress/many-nested-functions-parser-stack-overflow.js.dfg-eager-no-cjit-validate stress/many-nested-functions-parser-stack-overflow.js.dfg-maximal-flush-validate-no-cjit stress/many-nested-functions-parser-stack-overflow.js.ftl-eager stress/many-nested-functions-parser-stack-overflow.js.ftl-eager-no-cjit stress/many-nested-functions-parser-stack-overflow.js.ftl-eager-no-cjit-b3o1 stress/many-nested-functions-parser-stack-overflow.js.ftl-no-cjit-b3o0 stress/many-nested-functions-parser-stack-overflow.js.ftl-no-cjit-no-inline-validate stress/many-nested-functions-parser-stack-overflow.js.ftl-no-cjit-no-put-stack-validate stress/many-nested-functions-parser-stack-overflow.js.ftl-no-cjit-small-pool stress/many-nested-functions-parser-stack-overflow.js.ftl-no-cjit-validate-sampling-profiler stress/many-nested-functions-parser-stack-overflow.js.no-cjit-collect-continuously stress/many-nested-functions-parser-stack-overflow.js.no-cjit-validate-phases stress/many-nested-functions-parser-stack-overflow.js.no-ftl stress/many-nested-functions-parser-stack-overflow.js.no-llint
Keith Miller
Comment 9 2019-05-09 16:09:04 PDT
(In reply to Ryan Haddad from comment #8) > It looks like jsc-ews saw the same: > ** The following JSC stress test failures have been introduced: > stress/many-nested-functions-parser-stack-overflow.js.bytecode-cache > stress/many-nested-functions-parser-stack-overflow.js.default > stress/many-nested-functions-parser-stack-overflow.js.dfg-eager > stress/many-nested-functions-parser-stack-overflow.js.dfg-eager-no-cjit- > validate > stress/many-nested-functions-parser-stack-overflow.js.dfg-maximal-flush- > validate-no-cjit > stress/many-nested-functions-parser-stack-overflow.js.ftl-eager > stress/many-nested-functions-parser-stack-overflow.js.ftl-eager-no-cjit > stress/many-nested-functions-parser-stack-overflow.js.ftl-eager-no-cjit-b3o1 > stress/many-nested-functions-parser-stack-overflow.js.ftl-no-cjit-b3o0 > stress/many-nested-functions-parser-stack-overflow.js.ftl-no-cjit-no-inline- > validate > stress/many-nested-functions-parser-stack-overflow.js.ftl-no-cjit-no-put- > stack-validate > stress/many-nested-functions-parser-stack-overflow.js.ftl-no-cjit-small-pool > stress/many-nested-functions-parser-stack-overflow.js.ftl-no-cjit-validate- > sampling-profiler > stress/many-nested-functions-parser-stack-overflow.js.no-cjit-collect- > continuously > stress/many-nested-functions-parser-stack-overflow.js.no-cjit-validate- > phases > stress/many-nested-functions-parser-stack-overflow.js.no-ftl > stress/many-nested-functions-parser-stack-overflow.js.no-llint Should be fixed with: https://trac.webkit.org/changeset/245163
Note You need to log in before you can comment on or make changes to this bug.