[Webkit-unassigned] [Bug 165091] REGRESSION: Reproducible crash in operatorString() on invalid code with async
bugzilla-daemon at webkit.org
Thu Dec 1 11:10:39 PST 2016
https://bugs.webkit.org/show_bug.cgi?id=165091
Alexey Proskuryakov <ap at webkit.org> changed:
What     |Removed                                |Added
----------------------------------------------------------------------------
CC       |                                       |ggaren at apple.com, sbarati at apple.com, utatane.tea at gmail.com, webkit-bug-importer at group.apple.com
Summary  |Out of bounds read in operatorString() |REGRESSION: Reproducible crash in operatorString() on invalid code with async
Hardware |PC                                     |Unspecified
OS       |Linux                                  |Unspecified
--- Comment #1 from Alexey Proskuryakov <ap at webkit.org> ---
There are multiple issues here:
1. A release mode assertion that gets triggered for this script due to a parser bug.
This reproduces in Safari without ASan, and is a regression in trunk.
2. The port you are using has an issue that causes invalid memory access when trying to cleanly crash.
Let's track #1 in this bug, as it's a more generic issue.
--
You are receiving this mail because:
You are the assignee for the bug.