245657 – crash in javascriptcore

RESOLVED DUPLICATE of bug 245066 Bug 245657

crash in javascriptcore

https://bugs.webkit.org/show_bug.cgi?id=245657

Summary crash in javascriptcore

zhunkibatu

Reported 2022-09-25 23:29:35 PDT

Created attachment 462613 [details] the minimal poc The following poc cause latest JavaScriptCore to crash. function main() { class a { g = [] 'a'(){} } }

Attachments
the minimal poc (72 bytes, text/javascript) 2022-09-25 23:29 PDT, zhunkibatu	no flags	Details
View All Add attachment proposed patch, testcase, etc.

Alexey Proskuryakov

Comment 1 2022-09-26 14:16:35 PDT

Similar stack trace to bug 225094.

Radar WebKit Bug Importer

Comment 2 2022-09-26 14:17:00 PDT

<rdar://problem/100427854>

serakeri

Comment 3 2023-01-26 14:01:06 PST

I believe this may have been fixed. I'm unable to reproduce this on Safari 16.3 or on a jsc build with the latest commits.

Yusuke Suzuki

Comment 4 2023-01-26 14:22:52 PST

Yeah, this is fixed in bug 245066. Thanks! *** This bug has been marked as a duplicate of bug 245066 ***

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution DUPLICATE

of bug 245066

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Local Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component JavaScriptCore

Assignee

Nobody

Reported

2022-09-25 23:29 PDT

Modified

2023-01-26 14:22 PST History

CC List

4 users Show

URL

Keywords InRadar

Depends on

Blocks