Bug 255319

Summary: Segmentation fault in JSC
Product: WebKit
Reporter: zhunkibatu
Component: JavaScriptCore
Assignee: Nobody <webkit-unassigned>
Status: NEW
Severity: Normal
CC: mark.lam, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: PC
OS: Linux
Attachments:
- the minimal poc (flags: none)

Description zhunkibatu 2023-04-11 22:33:47 PDT
Created attachment 465857 [details]
the minimal poc

The following JS code causes a segmentation fault in JSC.
=========================================

function foo() {
    // Direct eval in the function body (an empty program is enough for the PoC).
    eval(``);
    // bind() returns a bound function that invokes foo, so this call recurses
    // without a base case until the JS stack is exhausted.
    foo.bind()(-1,0);
}

foo();

=========================================
Comment 1 Alexey Proskuryakov 2023-04-12 17:32:51 PDT
I cannot reproduce this with macOS 13.4 beta. Just getting an exception:

Exception: RangeError: Maximum call stack size exceeded.
Comment 2 Radar WebKit Bug Importer 2023-04-18 22:34:21 PDT
<rdar://problem/108243516>