[Webkit-unassigned] [Bug 157991] New: String templates don't handle let initialization properly inside eval

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon May 23 10:31:09 PDT 2016


https://bugs.webkit.org/show_bug.cgi?id=157991

            Bug ID: 157991
           Summary: String templates don't handle let initialization
                    properly inside eval
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Keywords: NeedsRadar
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: oliver at apple.com
                CC: sbarati at apple.com

Insta crash:
eval("let a=a``")

I _think_ this code is syntactically correct, but 

  * frame #0: 0x0000000000000000
    frame #1: 0x00000001007de3fa JavaScriptCore`llint_entry + 23836
    frame #2: 0x00000001007d84fb JavaScriptCore`vmEntryToJavaScript + 299
    frame #3: 0x000000010064fafe JavaScriptCore`JSC::JITCode::execute(this=<unavailable>, vm=<unavailable>, protoCallFrame=<unavailable>) + 158 at JITCode.cpp:80
    frame #4: 0x00000001005fee66 JavaScriptCore`JSC::Interpreter::execute(this=<unavailable>, eval=<unavailable>, callFrame=<unavailable>, thisValue=JSValue at 0x00007fff5fbfe2d0, scope=<unavailable>) + 1670 at Interpreter.cpp:1255
    frame #5: 0x00000001005fe2d5 JavaScriptCore`JSC::eval(callFrame=<unavailable>) + 1669 at Interpreter.cpp:208
    frame #6: 0x00000001007d610d JavaScriptCore`::llint_slow_path_call_eval(exec=0x00007fff5fbfeda0, pc=0x00000001029b6668) + 237 at LLIntSlowPaths.cpp:1377
    frame #7: 0x00000001007deaf6 JavaScriptCore`llint_entry + 25624
    frame #8: 0x00000001007d84fb JavaScriptCore`vmEntryToJavaScript + 299
    frame #9: 0x000000010064fafe JavaScriptCore`JSC::JITCode::execute(this=<unavailable>, vm=<unavailable>, protoCallFrame=<unavailable>) + 158 at JITCode.cpp:80
    frame #10: 0x0000000100603df6 JavaScriptCore`JSC::Interpreter::execute(this=<unavailable>, program=<unavailable>, callFrame=<unavailable>, thisObj=0x0000000106fabae0) + 15110 at Interpreter.cpp:960
    frame #11: 0x00000001002575f7 JavaScriptCore`JSC::evaluate(exec=0x0000000106fdf940, source=0x00007fff5fbff8d0, thisValue=<unavailable>, returnedException=0x00007fff5fbff8f8) + 455 at Completion.cpp:107
    frame #12: 0x000000010000448f jsc`runJSC(JSC::VM*, CommandLine) + 370 at jsc.cpp:2068
    frame #13: 0x000000010000431d jsc`runJSC(vm=<unavailable>, options=CommandLine at 0x00007fff5fbffa40) + 4061 at jsc.cpp:2244
    frame #14: 0x00000001000026cb jsc`jscmain(argc=<unavailable>, argv=<unavailable>) + 763 at jsc.cpp:2294
    frame #15: 0x000000010000235a jsc`main(argc=1, argv=0x00007fff5fbffb48) + 154 at jsc.cpp:1947
    frame #16: 0x00007fff8f46f5ad libdyld.dylib`start + 1
    frame #17: 0x00007fff8f46f5ad libdyld.dylib`start + 1

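Added example, not part of the bug report and not WebKit code: a small check, run here under Node.js, of what the repro line should do in a spec-conforming engine. The two halves of the reporter's question are tested separately: `new Function` is used only to confirm that `let a=a``` parses (it does; the line is valid syntax), and a direct `eval` then executes it and reports the exception class. A tagged template `a``` is a call of `a` with the template object as its first argument, and `a` is still in its temporal dead zone while its own initializer runs, so the correct outcome is a ReferenceError, not the transfer of control to address 0 shown as frame #0 in the backtrace above. The variant strings and the helper names `parses`, `runInEval` and `checkAll` are constructed for this example; the last variants go slightly beyond the repro to show how the same shape behaves once `a` is initialized or declared with `var`.

```javascript
"use strict";
// Added example, not part of the bug report or WebKit. Runs under Node.js.
// Checks the two halves of the reporter's question separately:
//   1. does `let a=a``` parse?          (it should: it is valid syntax)
//   2. what happens when it executes?   (ReferenceError from the TDZ, never a crash)

// Compile src as a function body without running it. Returns "ok" on success,
// otherwise the name of the parse error (e.g. "SyntaxError").
function parses(src) {
  try {
    new Function(src);
    return "ok";
  } catch (e) {
    return e.name;
  }
}

// Execute src with direct eval, as the repro does. Each eval gets its own
// lexical environment for `let`, so repeated calls do not collide.
// Returns "completed" or the name of the exception that was thrown.
function runInEval(src) {
  try {
    eval(src);
    return "completed";
  } catch (e) {
    return e.name;
  }
}

// Constructed variants around the repro. A tagged template `a`` ` is a call
// of `a` with the template object as first argument, so it behaves like `a()`.
const cases = {
  // the repro: `a` is read inside its own initializer -> TDZ -> ReferenceError
  "let a=a``": "ReferenceError",
  // the same thing spelled as an ordinary call
  "let a=a()": "ReferenceError",
  // `a` is initialized but is not callable -> TypeError
  "let a=1; a``": "TypeError",
  // initialized and callable -> the tag receives the strings array and runs
  "let a=s=>s.raw[0]; let b=a``": "completed",
  // `var` hoists `a` as undefined instead of a TDZ, so the call fails differently
  "var a=a``": "TypeError",
};

// Run every case; returns { src: { parsed, ran, expected, pass } }.
function checkAll() {
  const out = {};
  for (const [src, expected] of Object.entries(cases)) {
    const ran = runInEval(src);
    out[src] = { parsed: parses(src), ran, expected, pass: ran === expected };
  }
  return out;
}

// Stand-alone run (CommonJS only): print one line per case.
if (typeof require !== "undefined" && require.main === module) {
  for (const [src, r] of Object.entries(checkAll())) {
    console.log(`${r.pass ? "PASS" : "FAIL"}  ${src.padEnd(32)} parses=${r.parsed} ran=${r.ran} expected=${r.expected}`);
  }
}
```

Any engine that reports something other than "ok" for the parse step, or anything other than "ReferenceError" for the first two cases, is deviating from the specified semantics; a native crash, as in the report, is the case a practitioner should treat as a memory-safety bug rather than a language-conformance nit, since the input is attacker-controllable script.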