[Webkit-unassigned] [Bug 215841] New: Assertion failure in DFGAbstractValue.cpp
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Aug 26 00:37:53 PDT 2020
https://bugs.webkit.org/show_bug.cgi?id=215841
Bug ID: 215841
Summary: Assertion failure in DFGAbstractValue.cpp
Product: WebKit
Version: WebKit Nightly Build
Hardware: All
OS: Linux
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
Assignee: webkit-unassigned at lists.webkit.org
Reporter: zhunkibatu at gmail.com
Created attachment 407279
--> https://bugs.webkit.org/attachment.cgi?id=407279&action=review
the minimal poc
The following test case cause a assersion failure in DFGAbstractValue.cpp:
function main() {
let arr = [1.1];
function opt() {
(function (main = arr[0x1000]) {}())
}
for (var i = 0; i < 0x1000; i++)
opt(() => 0);
}
main();
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200826/077e8fcd/attachment-0001.htm>
More information about the webkit-unassigned
mailing list