[Webkit-unassigned] [Bug 211881] New: JavascriptCore crashed cause of Inappropriate optimization

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed May 13 22:16:58 PDT 2020


https://bugs.webkit.org/show_bug.cgi?id=211881

            Bug ID: 211881
           Summary: JavascriptCore crashed cause of Inappropriate
                    optimization
           Product: WebKit
           Version: Other
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: New Bugs
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: 5n1p3r0010 at gmail.com

Created attachment 399333

  --> https://bugs.webkit.org/attachment.cgi?id=399333&action=review

poc file

JavaScriptCore latest version (commit: cd34b4dc92f149a1a3d1676014fd5f944e625ed3 on 2020-05-11) crashed on Linux because of an inappropriate optimization.
The attached file is the PoC.

Here are my build args:
/Tools/Scripts/build-jsc --jsc-only --debug --cmakeargs="-DENABLE_STATIC_JSC=ON -DCMAKE_C_COMPILER='/usr/bin/clang' -DCMAKE_CXX_COMPILER='/usr/bin/clang++' -DCMAKE_CXX_FLAGS='-fsanitize-coverage=trace-pc-guard -O3 -lrt'"

Just run the PoC file as:
xxx/jsc poc.js
