[Webkit-unassigned] [Bug 255582] New: [JSC ] Segmentation fault in latest JSC
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Apr 18 00:05:08 PDT 2023
https://bugs.webkit.org/show_bug.cgi?id=255582
Bug ID: 255582
Summary: [JSC ] Segmentation fault in latest JSC
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
Assignee: webkit-unassigned at lists.webkit.org
Reporter: xiangwei1895 at gmail.com
## JavaScriptCore Version
0fb46c57f3e30f8f3c95e2be03fc3078e671fa9a
## Testcase and Execution steps
```
function f0() {
try {
eval(`anything()`);
} catch (error) {
f0.bind()(error);
}
}
function f1() {
f0();
f1();
}
while (true) {
f1();
}
```
./bin/jsc testcase.js
## Output
Segmentation fault (core dumped)
## Backtrace
AddressSanitizer:DEADLYSIGNAL
=================================================================
==16740==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000005 (pc 0x7f5686f401d8 bp 0x7ffcc41208f0 sp 0x7ffcc4120850 T0)
==16740==The signal is caused by a READ memory access.
==16740==Hint: address points to the zero page.
#0 0x7f5686f401d8 (<unknown module>)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (<unknown module>)
==16740==ABORTING
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20230418/0c3f9719/attachment.htm>
More information about the webkit-unassigned
mailing list