[Webkit-unassigned] [Bug 157991] New: String template don't handle let initialization properly inside eval
bugzilla-daemon at webkit.org
Mon May 23 10:31:09 PDT 2016
https://bugs.webkit.org/show_bug.cgi?id=157991
Bug ID: 157991
Summary: String template don't handle let initialization properly inside eval
Classification: Unclassified
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Keywords: NeedsRadar
Severity: Normal
Priority: P2
Component: JavaScriptCore
Assignee: webkit-unassigned at lists.webkit.org
Reporter: oliver at apple.com
CC: sbarati at apple.com
Insta crash:
eval("let a=a``")
I _think_ this code is syntactically correct, but
* frame #0: 0x0000000000000000
frame #1: 0x00000001007de3fa JavaScriptCore`llint_entry + 23836
frame #2: 0x00000001007d84fb JavaScriptCore`vmEntryToJavaScript + 299
frame #3: 0x000000010064fafe JavaScriptCore`JSC::JITCode::execute(this=<unavailable>, vm=<unavailable>, protoCallFrame=<unavailable>) + 158 at JITCode.cpp:80
frame #4: 0x00000001005fee66 JavaScriptCore`JSC::Interpreter::execute(this=<unavailable>, eval=<unavailable>, callFrame=<unavailable>, thisValue=JSValue at 0x00007fff5fbfe2d0, scope=<unavailable>) + 1670 at Interpreter.cpp:1255
frame #5: 0x00000001005fe2d5 JavaScriptCore`JSC::eval(callFrame=<unavailable>) + 1669 at Interpreter.cpp:208
frame #6: 0x00000001007d610d JavaScriptCore`::llint_slow_path_call_eval(exec=0x00007fff5fbfeda0, pc=0x00000001029b6668) + 237 at LLIntSlowPaths.cpp:1377
frame #7: 0x00000001007deaf6 JavaScriptCore`llint_entry + 25624
frame #8: 0x00000001007d84fb JavaScriptCore`vmEntryToJavaScript + 299
frame #9: 0x000000010064fafe JavaScriptCore`JSC::JITCode::execute(this=<unavailable>, vm=<unavailable>, protoCallFrame=<unavailable>) + 158 at JITCode.cpp:80
frame #10: 0x0000000100603df6 JavaScriptCore`JSC::Interpreter::execute(this=<unavailable>, program=<unavailable>, callFrame=<unavailable>, thisObj=0x0000000106fabae0) + 15110 at Interpreter.cpp:960
frame #11: 0x00000001002575f7 JavaScriptCore`JSC::evaluate(exec=0x0000000106fdf940, source=0x00007fff5fbff8d0, thisValue=<unavailable>, returnedException=0x00007fff5fbff8f8) + 455 at Completion.cpp:107
frame #12: 0x000000010000448f jsc`runJSC(JSC::VM*, CommandLine) + 370 at jsc.cpp:2068
frame #13: 0x000000010000431d jsc`runJSC(vm=<unavailable>, options=CommandLine at 0x00007fff5fbffa40) + 4061 at jsc.cpp:2244
frame #14: 0x00000001000026cb jsc`jscmain(argc=<unavailable>, argv=<unavailable>) + 763 at jsc.cpp:2294
frame #15: 0x000000010000235a jsc`main(argc=1, argv=0x00007fff5fbffb48) + 154 at jsc.cpp:1947
frame #16: 0x00007fff8f46f5ad libdyld.dylib`start + 1
frame #17: 0x00007fff8f46f5ad libdyld.dylib`start + 1
--
You are receiving this mail because:
You are the assignee for the bug.
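Added example (not part of the original report and not WebKit's own test code): a regression check for the construct reported above. Under ECMAScript's temporal dead zone rules, reading `a` inside its own let/const initializer must throw a ReferenceError, so a conforming engine should report that error for each case rather than crash. The names evalOutcome, CASES and runCases are hypothetical, and every source string other than the reported one is constructed for this example.

```javascript
// Added example: TDZ regression check for the construct in this report.
// evalOutcome, CASES and runCases are hypothetical names; sources are constructed.

// Run `src` through eval and report how it completed.
// direct=true uses direct eval (as in the report); false uses indirect eval.
function evalOutcome(src, direct) {
  try {
    const value = direct ? eval(src) : (0, eval)(src);
    return { status: "ok", value };
  } catch (e) {
    return { status: "throw", name: e.name };
  }
}

// [source, expected status, expected error name (throw) or completion value (ok)]
const CASES = [
  ["let a=a``", "throw", "ReferenceError"],      // the reported input
  ["const a=a``", "throw", "ReferenceError"],    // same shape with const
  ["let a=a", "throw", "ReferenceError"],        // plain self-reference
  ["let a=`${a}`", "throw", "ReferenceError"],   // untagged template reading a
  ["let a=``; a", "ok", ""],                     // control: empty template, no TDZ read
  ["let t=s=>s.raw[0]; t`x`", "ok", "x"],        // control: tag initialized before use
];

// Evaluate every case through both eval forms; return a list of mismatches.
function runCases() {
  const failures = [];
  for (const [src, status, detail] of CASES) {
    for (const direct of [true, false]) {
      const r = evalOutcome(src, direct);
      const got = r.status === "throw" ? r.name : r.value;
      if (r.status !== status || got !== detail) {
        const kind = direct ? "direct" : "indirect";
        failures.push(`${kind} eval of ${JSON.stringify(src)}: got ${r.status}/${String(got)}`);
      }
    }
  }
  return failures;
}

const failures = runCases();
console.log(failures.length === 0 ? "all TDZ cases behaved as specified" : failures.join("\n"));
```

A process crash on any case, as in the backtrace above, shows up as the harness itself dying before it prints a result.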