255319 – Segmentation fault in JSC

RESOLVED WORKSFORME255319

Segmentation fault in JSC

https://bugs.webkit.org/show_bug.cgi?id=255319

Summary Segmentation fault in JSC

zhunkibatu

Reported 2023-04-11 22:33:47 PDT

Created attachment 465857 [details] the minimal poc The following js code cause a segmentation fault in JSC. ========================================= function foo() { eval(``); foo.bind()(-1,0); } foo(); =========================================

Attachments
the minimal poc (63 bytes, text/javascript) 2023-04-11 22:33 PDT, zhunkibatu	no flags	Details
View All Add attachment proposed patch, testcase, etc.

Alexey Proskuryakov

Comment 1 2023-04-12 17:32:51 PDT

I cannot reproduce this with macOS 13.4 beta. Just getting an exception: Exception: RangeError: Maximum call stack size exceeded.

Radar WebKit Bug Importer

Comment 2 2023-04-18 22:34:21 PDT

<rdar://problem/108243516>

Yusuke Suzuki

Comment 3 2025-05-23 17:44:47 PDT

It does not reproduce.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution WORKSFORME

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware PC

OS Linux

Product WebKit

Component JavaScriptCore

Assignee

Nobody

Reported

2023-04-11 22:33 PDT

Modified

2025-05-23 17:44 PDT History

CC List

3 users Show

URL

Keywords InRadar

Depends on

Blocks