<html>

    <head>

      <base href="https://bugs.webkit.org/" />

    </head>

    <body><span class="vcard"><a class="email" href="mailto:ap&#64;webkit.org" title="Alexey Proskuryakov &lt;ap&#64;webkit.org&gt;"> <span class="fn">Alexey Proskuryakov</span></a>

</span> changed

              <a class="bz_bug_link 

          bz_status_NEW "

   title="NEW - REGRESSION: Reproducible crash in operatorString() on invalid code with async"

   href="https://bugs.webkit.org/show_bug.cgi?id=165091">bug 165091</a>

        <br>

             <table border="1" cellspacing="0" cellpadding="8">

          <tr>

            <th>What</th>

            <th>Removed</th>

            <th>Added</th>

          </tr>

         <tr>

           <td style="text-align:right;">CC</td>

           <td>

               &nbsp;

           </td>

           <td>ggaren&#64;apple.com, sbarati&#64;apple.com, utatane.tea&#64;gmail.com, webkit-bug-importer&#64;group.apple.com

           </td>

         </tr>

         <tr>

           <td style="text-align:right;">Summary</td>

           <td>Out of bounds read in operatorString()

           </td>

           <td>REGRESSION: Reproducible crash in operatorString() on invalid code with async

           </td>

         </tr>

         <tr>

           <td style="text-align:right;">Hardware</td>

           <td>PC

           </td>

           <td>Unspecified

           </td>

         </tr>

         <tr>

           <td style="text-align:right;">OS</td>

           <td>Linux

           </td>

           <td>Unspecified

           </td>

         </tr></table>

      <p>

        <div>

            <b><a class="bz_bug_link 

          bz_status_NEW "

   title="NEW - REGRESSION: Reproducible crash in operatorString() on invalid code with async"

   href="https://bugs.webkit.org/show_bug.cgi?id=165091#c1">Comment # 1</a>

              on <a class="bz_bug_link 

          bz_status_NEW "

   title="NEW - REGRESSION: Reproducible crash in operatorString() on invalid code with async"

   href="https://bugs.webkit.org/show_bug.cgi?id=165091">bug 165091</a>

              from <span class="vcard"><a class="email" href="mailto:ap&#64;webkit.org" title="Alexey Proskuryakov &lt;ap&#64;webkit.org&gt;"> <span class="fn">Alexey Proskuryakov</span></a>

</span></b>

        <pre>There are multiple issues here:

1. A release mode assertion that gets triggered for this script due to a parser bug.

This reproduces in Safari without ASan, and is a regression in trunk.

2. The port you are using has an issue that causes invalid memory access when trying to cleanly crash.

Let's track #1 in this bug, as it's a more generic issue.</pre>

        </div>

      </p>

      <hr>

      <span>You are receiving this mail because:</span>

      <ul>

          <li>You are the assignee for the bug.</li>

      </ul>

    </body>

</html>