Created attachment 463459 [details] Reproducing case The attached source fails with a segmentation fault when lexing the 0x1n bigint identifier. This seems to be because we use a JSBigInt value within the parser to handle converting non-decimal integer constants to decimal identifiers. When allocating this JSBigInt fails (in this case, because we have exhausted all memory in the previous invocation of foo), we try to throw an exception. In the lexer/parser however, there is no global object to throw an exception to, so the bigint implementation falls back to returning a null pointer, which causes the segfault when we use it later in makeBigIntDecimalIdentifier. rdar://98566429
Pull request: https://github.com/WebKit/WebKit/pull/6271
Committed 256501@main (32b972813979): <https://commits.webkit.org/256501@main> Reviewed commits have been landed. Closing PR #6271 and removing active labels.