<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - String template don't handle let initialization properly inside eval"
href="https://bugs.webkit.org/show_bug.cgi?id=157991">157991</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>String template don't handle let initialization properly inside eval
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr>
<tr>
<th>Product</th>
<td>WebKit
</td>
</tr>
<tr>
<th>Version</th>
<td>WebKit Nightly Build
</td>
</tr>
<tr>
<th>Hardware</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>OS</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Keywords</th>
<td>NeedsRadar
</td>
</tr>
<tr>
<th>Severity</th>
<td>Normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P2
</td>
</tr>
<tr>
<th>Component</th>
<td>JavaScriptCore
</td>
</tr>
<tr>
<th>Assignee</th>
<td>webkit-unassigned@lists.webkit.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>oliver@apple.com
</td>
</tr>
<tr>
<th>CC</th>
<td>sbarati@apple.com
</td>
</tr></table>
<p>
<div>
<pre>Insta crash:
eval("let a=a``")
I _think_ this code is syntactically correct, but
* frame #0: 0x0000000000000000
frame #1: 0x00000001007de3fa JavaScriptCore`llint_entry + 23836
frame #2: 0x00000001007d84fb JavaScriptCore`vmEntryToJavaScript + 299
frame #3: 0x000000010064fafe JavaScriptCore`JSC::JITCode::execute(this=<unavailable>, vm=<unavailable>, protoCallFrame=<unavailable>) + 158 at JITCode.cpp:80
frame #4: 0x00000001005fee66 JavaScriptCore`JSC::Interpreter::execute(this=<unavailable>, eval=<unavailable>, callFrame=<unavailable>, thisValue=JSValue at 0x00007fff5fbfe2d0, scope=<unavailable>) + 1670 at Interpreter.cpp:1255
frame #5: 0x00000001005fe2d5 JavaScriptCore`JSC::eval(callFrame=<unavailable>) + 1669 at Interpreter.cpp:208
frame #6: 0x00000001007d610d JavaScriptCore`::llint_slow_path_call_eval(exec=0x00007fff5fbfeda0, pc=0x00000001029b6668) + 237 at LLIntSlowPaths.cpp:1377
frame #7: 0x00000001007deaf6 JavaScriptCore`llint_entry + 25624
frame #8: 0x00000001007d84fb JavaScriptCore`vmEntryToJavaScript + 299
frame #9: 0x000000010064fafe JavaScriptCore`JSC::JITCode::execute(this=<unavailable>, vm=<unavailable>, protoCallFrame=<unavailable>) + 158 at JITCode.cpp:80
frame #10: 0x0000000100603df6 JavaScriptCore`JSC::Interpreter::execute(this=<unavailable>, program=<unavailable>, callFrame=<unavailable>, thisObj=0x0000000106fabae0) + 15110 at Interpreter.cpp:960
frame #11: 0x00000001002575f7 JavaScriptCore`JSC::evaluate(exec=0x0000000106fdf940, source=0x00007fff5fbff8d0, thisValue=<unavailable>, returnedException=0x00007fff5fbff8f8) + 455 at Completion.cpp:107
frame #12: 0x000000010000448f jsc`runJSC(JSC::VM*, CommandLine) + 370 at jsc.cpp:2068
frame #13: 0x000000010000431d jsc`runJSC(vm=<unavailable>, options=CommandLine at 0x00007fff5fbffa40) + 4061 at jsc.cpp:2244
frame #14: 0x00000001000026cb jsc`jscmain(argc=<unavailable>, argv=<unavailable>) + 763 at jsc.cpp:2294
frame #15: 0x000000010000235a jsc`main(argc=1, argv=0x00007fff5fbffb48) + 154 at jsc.cpp:1947
frame #16: 0x00007fff8f46f5ad libdyld.dylib`start + 1
frame #17: 0x00007fff8f46f5ad libdyld.dylib`start + 1</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>