[Webkit-unassigned] [Bug 164119] New: SEGFAULT in JSC::BuiltinExecutables / WTFCrash

bugzilla-daemon at webkit.org
Fri Oct 28 03:39:05 PDT 2016


https://bugs.webkit.org/show_bug.cgi?id=164119

            Bug ID: 164119
           Summary: SEGFAULT in JSC::BuiltinExecutables / WTFCrash
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P3
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: fumfi.255 at gmail.com

Created attachment 293136
  --> https://bugs.webkit.org/attachment.cgi?id=293136&action=review
POC to trigger SEGFAULT (jsc)

Affected SVN revision: 208042

To reproduce the problem:
./jsc webkit_jsc_wtfcrash.js

ASAN Output:

1   0x7fe4d18f3937 WTFCrash
2   0x7fe4d00ae6a9 JSC::BuiltinExecutables::createExecutable(JSC::VM&, JSC::SourceCode const&, JSC::Identifier const&, JSC::ConstructorKind, JSC::ConstructAbility)
3   0x51ff31
4   0x7fe488dfe028
ASAN:DEADLYSIGNAL
=================================================================
==16722==ERROR: AddressSanitizer: SEGV on unknown address 0x0000977537dd (pc 0x7fe4d18f3937 bp 0x000000000000 sp 0x7fff81df6b80 T0)
==16722==The signal is caused by a READ memory access.
    #0 0x7fe4d18f3936 in WTFCrash XYZ/webkit/Source/WTF/wtf/Assertions.cpp:322:5
    #1 0x7fe4d00ae6a8 in JSC::BuiltinExecutables::createExecutable(JSC::VM&, JSC::SourceCode const&, JSC::Identifier const&, JSC::ConstructorKind, JSC::ConstructAbility) XYZ/webkit/Source/JavaScriptCore/builtins/BuiltinExecutables.cpp:92:5
    #2 0x51ff30 in functionCreateBuiltin(JSC::ExecState*) XYZ/webkit/Source/JavaScriptCore/jsc.cpp:2260:62
    #3 0x7fe488dfe027  (<unknown module>)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV XYZ/webkit/Source/WTF/wtf/Assertions.cpp:322:5 in WTFCrash
==16722==ABORTING


Regards,
Kamil Frankowicz
