[Webkit-unassigned] [Bug 254574] New: [JSC ] Segmentation fault in JSC

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Mar 28 00:02:35 PDT 2023


https://bugs.webkit.org/show_bug.cgi?id=254574

            Bug ID: 254574
           Summary: [JSC ] Segmentation fault in JSC
           Product: WebKit
           Version: WebKit Local Build
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: xiangwei1895 at gmail.com

## JavaScriptCore Version
b2362a5d6b0dcee521bbc38c226ea2216e2422e7

## Build
Ubuntu 20.04.2 LTS (Linux 5.15.0-67-generic x86_64)

./Tools/Scripts/build-jsc --jsc-only --debug --cmakeargs="-DENABLE_STATIC_JSC=ON -DCMAKE_CXX_FLAGS='-fsanitize=address -g'" --build-dir=ASAN

## Testcase and Execution steps
```
"use strict";

function bar(x, y){
    function auxBar(a, b) {
        // For bar(10, 10) the pair (a, b) counts down until a reaches 0; then
        // b becomes the string "1,", b-1 evaluates to NaN, and the recursion
        // below never terminates (a and b alternate between NaN and a number).
        if(a == 0)b+=',';
        // The third argument is surplus: auxBar declares only two parameters.
        return auxBar(b-1,a,43);
    }
    return auxBar(x, y);
}

bar(10, 10);
```
./bin/jsc  testcase.js

## Output
Segmentation fault (core dumped)

## Backtrace
AddressSanitizer:DEADLYSIGNAL
=================================================================
==187557==ERROR: AddressSanitizer: SEGV on unknown address 0x00000000002a (pc 0x7f7f3b084044 bp 0x7ffe61a8f270 sp 0x7ffe61a8f1e8 T0)
==187557==The signal is caused by a READ memory access.
==187557==Hint: address points to the zero page.
    #0 0x7f7f3b084043  (<unknown module>)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (<unknown module>) 
==187557==ABORTING
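As an added triage aid (not part of the report, and not WebKit's own tooling), the shell script below does the two things a practitioner would do next with a report like the one above: parse the ASan summary to record that the fault is a READ of a near-zero address (0x2a, i.e. a dereference through a null or near-null pointer plus a small offset, not a wild pointer) from a frame with no symbolised module (which for jsc means JIT-emitted code), and rerun the testcase with JIT tiers disabled from the top down to find the tier whose removal makes the crash go away. The ASan lines are a constructed copy of the ones in the report; the `./bin/jsc` path and the `--useFTLJIT`, `--useDFGJIT`, `--useBaselineJIT` and `--useJIT` runtime options are assumptions about the local build that the page does not state.

```shell
#!/bin/sh
# Added triage helpers for this report (not from the reporter or WebKit).
# Assumptions: a local jsc at ./bin/jsc (override with JSC=...), and the
# runtime options --useFTLJIT/--useDFGJIT/--useBaselineJIT/--useJIT=false.

# Constructed copy of the key lines of the ASan report above.
ASAN_REPORT='AddressSanitizer:DEADLYSIGNAL
==187557==ERROR: AddressSanitizer: SEGV on unknown address 0x00000000002a (pc 0x7f7f3b084044 bp 0x7ffe61a8f270 sp 0x7ffe61a8f1e8 T0)
==187557==The signal is caused by a READ memory access.
==187557==Hint: address points to the zero page.
    #0 0x7f7f3b084043  (<unknown module>)
SUMMARY: AddressSanitizer: SEGV (<unknown module>)'

# asan_fault_addr REPORT -> faulting address as printed by ASan (hex)
asan_fault_addr() {
    printf '%s\n' "$1" | sed -n 's/.*SEGV on unknown address \(0x[0-9a-f]*\).*/\1/p' | head -n 1
}

# asan_access_kind REPORT -> READ or WRITE
asan_access_kind() {
    printf '%s\n' "$1" | sed -n 's/.*caused by a \([A-Z]*\) memory access.*/\1/p' | head -n 1
}

# asan_frame0_unknown REPORT -> success if frame #0 has no symbolised module,
# which for jsc means the pc was inside JIT-emitted code
asan_frame0_unknown() {
    printf '%s\n' "$1" | grep -q '^ *#0 .*(<unknown module>)'
}

# asan_classify REPORT -> "<where> <kind> near-null offset=N"
#                      or "<where> <kind> wild addr=0x..."
# A fault below the first page is a dereference through a null or near-null
# pointer plus a small offset (or a small integer used as a pointer).
asan_classify() {
    addr=$(asan_fault_addr "$1")
    kind=$(asan_access_kind "$1")
    dec=$(( ${addr:-0} ))
    if asan_frame0_unknown "$1"; then where=jit-code; else where=native; fi
    if [ "$dec" -lt 4096 ]; then
        printf '%s %s near-null offset=%d\n' "$where" "$kind" "$dec"
    else
        printf '%s %s wild addr=%s\n' "$where" "$kind" "$addr"
    fi
}

# classify_run STATUS OUTPUT -> "crash signal N" | "crash asan" | "ok exit N"
# A plain SEGV shows up as exit status 128+11. An ASan-instrumented build
# reports the fault itself and exits with ASan's exitcode (1 by default),
# so the output has to be checked as well. An uncaught RangeError, the
# expected outcome of unbounded recursion, is a non-zero exit with no report.
classify_run() {
    if [ "$1" -gt 128 ]; then
        printf 'crash signal %d\n' $(( $1 - 128 ))
    elif printf '%s\n' "$2" | grep -q 'AddressSanitizer'; then
        printf 'crash asan\n'
    else
        printf 'ok exit %d\n' "$1"
    fi
}

# jit_tier_bisect TESTCASE -> one line per configuration, tiers disabled from
# the top down; the first "ok" line names the tier whose removal stops the crash.
jit_tier_bisect() {
    jsc=${JSC:-./bin/jsc}
    [ -x "$jsc" ] || { printf 'jsc not found at %s\n' "$jsc" >&2; return 2; }
    for cfg in \
        "all-tiers:" \
        "no-ftl:--useFTLJIT=false" \
        "no-dfg:--useFTLJIT=false --useDFGJIT=false" \
        "no-baseline:--useFTLJIT=false --useDFGJIT=false --useBaselineJIT=false" \
        "interpreter-only:--useJIT=false"
    do
        label=${cfg%%:*}
        opts=${cfg#*:}
        # $opts is intentionally unquoted so it splits into separate options
        if out=$("$jsc" $opts "$1" 2>&1); then status=0; else status=$?; fi
        printf '%-17s %s\n' "$label" "$(classify_run "$status" "$out")"
    done
}

asan_classify "$ASAN_REPORT"    # jit-code READ near-null offset=42
if [ -f testcase.js ] && [ -x "${JSC:-./bin/jsc}" ]; then
    jit_tier_bisect testcase.js
fi
```

The tier bisection is cumulative on purpose (each step keeps the higher tiers disabled), so a crash that survives `--useJIT=false` points at the LLInt or the runtime rather than at generated code, while one that disappears at a specific step gives the assignee the tier to start with; with an ASan build, the `crash asan` label is what to expect, since ASan exits normally after printing its report.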
