<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - JavascriptCore Crash in JSC::ASTBuilder::Property JSC::Parser<JSC::Lexer<unsigned char> >::parseProperty<JSC::ASTBuilder>(JSC::ASTBuilder&, bool)"
href="https://bugs.webkit.org/show_bug.cgi?id=147538">147538</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>JavascriptCore Crash in JSC::ASTBuilder::Property JSC::Parser<JSC::Lexer<unsigned char> >::parseProperty<JSC::ASTBuilder>(JSC::ASTBuilder&, bool)
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr>
<tr>
<th>Product</th>
<td>WebKit
</td>
</tr>
<tr>
<th>Version</th>
<td>528+ (Nightly build)
</td>
</tr>
<tr>
<th>Hardware</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>OS</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>Normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P2
</td>
</tr>
<tr>
<th>Component</th>
<td>JavaScriptCore
</td>
</tr>
<tr>
<th>Assignee</th>
<td>webkit-unassigned@lists.webkit.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>puzzorsj@gmail.com
</td>
</tr></table>
<p>
<div>
<pre>Created <span class=""><a href="attachment.cgi?id=258030" name="attach_258030" title="./jsc a.js">attachment 258030</a> <a href="attachment.cgi?id=258030&action=edit" title="./jsc a.js">[details]</a></span>
./jsc a.js
When you put "V={=>" in JavaScriptCore, it will crash.
#0 0x00007ffff79eaaab in JSC::ASTBuilder::Property JSC::Parser<JSC::Lexer<unsigned char> >::parseProperty<JSC::ASTBuilder>(JSC::ASTBuilder&, bool) () from /home/puzzor/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#1 0x00007ffff79e5ca6 in JSC::ASTBuilder::Expression JSC::Parser<JSC::Lexer<unsigned char> >::parseMemberExpression<JSC::ASTBuilder>(JSC::ASTBuilder&) () from /home/puzzor/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#2 0x00007ffff79a9092 in JSC::ASTBuilder::Expression JSC::Parser<JSC::Lexer<unsigned char> >::parseAssignmentExpression<JSC::ASTBuilder>(JSC::ASTBuilder&) [clone .part.592] () from /home/puzzor/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#3 0x00007ffff79aa6d7 in JSC::ASTBuilder::Expression JSC::Parser<JSC::Lexer<unsigned char> >::parseAssignmentExpression<JSC::ASTBuilder>(JSC::ASTBuilder&) [clone .part.592] () from /home/puzzor/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#4 0x00007ffff79ebb82 in JSC::ASTBuilder::Expression JSC::Parser<JSC::Lexer<unsigned char> >::parseExpression<JSC::ASTBuilder>(JSC::ASTBuilder&) () from /home/puzzor/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#5 0x00007ffff79ef6ad in JSC::ASTBuilder::Statement JSC::Parser<JSC::Lexer<unsigned char> >::parseExpressionOrLabelStatement<JSC::ASTBuilder>(JSC::ASTBuilder&) () from /home/puzzor/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#6 0x00007ffff79eed9b in JSC::ASTBuilder::Statement JSC::Parser<JSC::Lexer<unsigned char> >::parseStatement<JSC::ASTBuilder>(JSC::ASTBuilder&, JSC::Identifier const*&, unsigned int*) () from /home/puzzor/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#7 0x00007ffff79efcf0 in JSC::ASTBuilder::Statement JSC::Parser<JSC::Lexer<unsigned char> >::parseStatementListItem<JSC::ASTBuilder>(JSC::ASTBuilder&, JSC::Identifier const*&, unsigned int*) () from /home/puzzor/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#8 0x00007ffff79effd6 in JSC::ASTBuilder::SourceElements JSC::Parser<JSC::Lexer<unsigned char> >::parseSourceElements<JSC::ASTBuilder>(JSC::ASTBuilder&, JSC::SourceElementsMode) () from /home/puzzor/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#9 0x00007ffff79f1037 in JSC::Parser<JSC::Lexer<unsigned char> >::parseInner(JSC::Identifier const&, JSC::FunctionParseMode) () from /home/puzzor/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#10 0x00007ffff767f801 in std::unique_ptr<JSC::ProgramNode, std::default_delete<JSC::ProgramNode> > JSC::Parser<JSC::Lexer<unsigned char> >::parse<JSC::ProgramNode>(JSC::ParserError&, JSC::Identifier const&, JSC::FunctionParseMode) () from /home/puzzor/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#11 0x00007ffff7680194 in std::unique_ptr<JSC::ProgramNode, std::default_delete<JSC::ProgramNode> > JSC::parse<JSC::ProgramNode>(JSC::VM*, JSC::SourceCode const&, JSC::Identifier const&, JSC::JSParserBuiltinMode, JSC::JSParserStrictMode, JSC::JSParserCodeType, JSC::ParserError&, JSC::JSTextPosition*, JSC::FunctionParseMode, JSC::ConstructorKind, JSC::ThisTDZMode) () from /home/puzzor/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#12 0x00007ffff7a79b28 in JSC::UnlinkedProgramCodeBlock* JSC::CodeCache::getGlobalCodeBlock<JSC::UnlinkedProgramCodeBlock, JSC::ProgramExecutable>(JSC::VM&, JSC::ProgramExecutable*, JSC::SourceCode const&, JSC::JSParserBuiltinMode, JSC::JSParserStrictMode, JSC::ThisTDZMode, JSC::DebuggerMode, JSC::ProfilerMode, JSC::ParserError&, JSC::VariableEnvironment const*) () from /home/puzzor/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#13 0x00007ffff7a770f5 in JSC::CodeCache::getProgramCodeBlock(JSC::VM&, JSC::ProgramExecutable*, JSC::SourceCode const&, JSC::JSParserBuiltinMode, JSC::JSParserStrictMode, JSC::DebuggerMode, JSC::ProfilerMode, JSC::ParserError&) () from /home/puzzor/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#14 0x00007ffff7af5d49 in JSC::JSGlobalObject::createProgramCodeBlock(JSC::ExecState*, JSC::ProgramExecutable*, JSC::JSObject**) () from /home/puzzor/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#15 0x00007ffff7abb9e6 in JSC::ProgramExecutable::initializeGlobalProperties(JSC::VM&, JSC::ExecState*, JSC::JSScope*) () from /home/puzzor/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#16 0x00007ffff790f0ad in JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) () from /home/puzzor/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#17 0x00007ffff7a90d5a in JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) () from /home/puzzor/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#18 0x000000000040d9f6 in jscmain(int, char**) ()
#19 0x0000000000407848 in main ()
#20 0x00007ffff6bb9ec5 in __libc_start_main (main=0x4077d0 <main>, argc=0x2, argv=0x7fffffffe5d8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe5c8) at libc-start.c:287
#21 0x00000000004078a3 in _start ()
In template <class TreeBuilder> TreeProperty Parser<LexerType>::parseProperty(TreeBuilder& context, bool complete), ident may be a invalid ptr and the reference to it may be wrong.</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>