245066 – Crash in /WebKit/Source/JavaScriptCore/parser/Parser.cpp(3012)

Bug 245066 - Crash in /WebKit/Source/JavaScriptCore/parser/Parser.cpp(3012)

Summary: Crash in /WebKit/Source/JavaScriptCore/parser/Parser.cpp(3012)

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	JavaScriptCore (show other bugs)
Version:	WebKit Local Build
Hardware:	PC Linux

Importance:	P2 Normal
Assignee:	Yusuke Suzuki

URL:
Keywords:	InRadar

Duplicates (1):	245657 (view as bug list)
Depends on:
Blocks:

Reported:	2022-09-12 03:16 PDT by xiangwei1895
Modified:	2023-01-26 14:22 PST (History)
CC List:	3 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description xiangwei1895 2022-09-12 03:16:00 PDT

JSC crashes when executing the following code：

function main(){
  class a{
    g = []
    'a'(){}
  }
}



ASSERTION FAILED: ident
/data/WebKit/Source/JavaScriptCore/parser/Parser.cpp(3012) : typename TreeBuilder::ClassExpression JSC::Parser<JSC::Lexer<LChar> >::parseClass(TreeBuilder &, JSC::FunctionNameRequirements, ParserClassInfo<TreeBuilder> &) [LexerType = JSC::Lexer<LChar>, TreeBuilder = JSC::SyntaxChecker]

Comment 1 Radar WebKit Bug Importer 2022-09-12 03:16:11 PDT

<rdar://problem/99815328>

Comment 2 Yusuke Suzuki 2022-10-05 19:47:20 PDT

Pull request: https://github.com/WebKit/WebKit/pull/5065

Comment 3 Yusuke Suzuki 2022-10-05 19:48:27 PDT

Making it non security since it is always a nullptr crash.

Comment 4 EWS 2022-10-06 02:21:43 PDT

Committed 255212@main (89c0d4c38e9a): <https://commits.webkit.org/255212@main>

Reviewed commits have been landed. Closing PR #5065 and removing active labels.

Comment 5 Yusuke Suzuki 2023-01-26 14:22:52 PST

*** Bug 245657 has been marked as a duplicate of this bug. ***