[Webkit-unassigned] [Bug 211881] JavascriptCore crashed cause of Inappropriate optimization

Thu May 14 18:04:22 PDT 2020

https://bugs.webkit.org/show_bug.cgi?id=211881

szwgg <5n1p3r0010 at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Group|                            |Security-Sensitive
                 CC|                            |5n1p3r0010 at gmail.com,
                   |                            |bfulgham at webkit.org,
                   |                            |product-security at apple.com,
                   |                            |webkit-bug-importer at group.a
                   |                            |pple.com
          Component|New Bugs                    |Security
            Version|Other                       |WebKit Local Build
            Product|WebKit                      |Security
           Severity|Normal                      |Critical

--- Comment #1 from szwgg <5n1p3r0010 at gmail.com> ---
(In reply to szwgg from comment #0)
> Created attachment 399333 [details]
> poc file
> 
> JavascriptCore latest
> version(commit:cd34b4dc92f149a1a3d1676014fd5f944e625ed3 on 2020-05-11)
> crashed on linux cause of Inappropriate optimization.
> attached file is the poc.
> 
> here is my build args:
> /Tools/Scripts/build-jsc --jsc-only --debug
> --cmakeargs="-DENABLE_STATIC_JSC=ON -DCMAKE_C_COMPILER='/usr/bin/clang'
> -DCMAKE_CXX_COMPILER='/usr/bin/clang++'
> -DCMAKE_CXX_FLAGS='-fsanitize-coverage=trace-pc-guard -O3 -lrt'"
> 
> just run the poc file as:
> xxx/jsc poc.js

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200515/d6389e1a/attachment.htm>