Bug 255582 - [JSC ] Segmentation fault in latest JSC
Summary: [JSC ] Segmentation fault in latest JSC
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Tadeu Zagallo
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2023-04-18 00:05 PDT by xiangwei1895
Modified: 2023-04-24 08:51 PDT (History)

See Also:


Attachments

Description xiangwei1895 2023-04-18 00:05:08 PDT
## JavaScriptCore Version
0fb46c57f3e30f8f3c95e2be03fc3078e671fa9a

## Testcase and execution steps
```js
function f0() {
    try {
        eval(`anything()`);
    } catch (error) {
        f0.bind()(error);
    }
}
function f1() {
    f0();
    f1();
}
while (true) {
    f1();
}
```
./bin/jsc  testcase.js

## Output
Segmentation fault (core dumped)

## Backtrace
AddressSanitizer:DEADLYSIGNAL
=================================================================
==16740==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000005 (pc 0x7f5686f401d8 bp 0x7ffcc41208f0 sp 0x7ffcc4120850 T0)
==16740==The signal is caused by a READ memory access.
==16740==Hint: address points to the zero page.
    #0 0x7f5686f401d8  (<unknown module>)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (<unknown module>) 
==16740==ABORTING
Comment 1 Radar WebKit Bug Importer 2023-04-18 07:34:54 PDT
<rdar://problem/108199593>
Comment 2 Tadeu Zagallo 2023-04-24 05:36:01 PDT
Pull request: https://github.com/WebKit/WebKit/pull/13099
Comment 3 EWS 2023-04-24 08:51:51 PDT
Committed 263312@main (0eef1c81db08): <https://commits.webkit.org/263312@main>

Reviewed commits have been landed. Closing PR #13099 and removing active labels.