Segmentation fault (core dumped) in BVUnitT<unsigned long>::Test #6939

anbu1024 opened this issue Jul 20, 2023 · 0 comments


ChakraCore version:
commit c3ead3f

Build command:

./build.sh --debug --static

Test case:

// Crash reproducer. Per the backtrace, the fault is reached while resuming the
// generator `zoo` (JavascriptGenerator::EntryNext / CallGenerator), not via test().
function foo() {
	// Generator with a rest parameter; `a` and `b` are captured by the
	// method of the class expression declared inside the loop below.
	function* zoo(a,...b) {
		// Regex literal with the m, s, u and y flags; not referenced afterwards.
		const wind = /[\w]/msuy;
		
		// for-in over the enumerable properties of the function object `zoo`
		// itself (not over yielded values) — it may have none, so the body
		// may never execute; the declarations are presumably what matters here.
		for (const item in zoo) {
		    
		    // Class expression whose method assigns the captured parameter `a`
		    // from the captured rest array `b`.
		    const apple = class Apple {       
		        o() {
		            a = b;
		        }
		    };
		}
	}
	
	// Plain helper; returns the constant 10.
	function test() {
		const x = 10;
		return x;
	}
	
	// Creates the generator object; zoo's body runs only when iterated.
	const banana = zoo();
	
	// Drives the generator through its next() steps (frame #8 in the backtrace).
	// `j` is never read.
	for (const i of banana) {
		const j = i || i;
	}
	
	const ret = test();
	return ret;
}

// Calls foo() 0x300 (768) times — presumably enough repetitions for the
// engine to re-tier the function (the backtrace shows the crash under
// amd64_CallFunction); TODO confirm the smallest count that still reproduces.
for(let i=0; i<0x300; i++) {
	foo();
}

Top of the backtrace (note that in frame #4 `this` resolves to an address inside `Js::JavascriptLibrary::GetScriptContext()` rather than to an object, so the receiver appears to be corrupted):

#0  0x00007ff7f43013d5 in ?? ()
#1  0x00007fffffff7670 in ?? ()
#2  0x00007fffffff7678 in ?? ()
#3  0x00007fffffff7640 in ?? ()
#4  0x00005555558a26cf in BVUnitT<unsigned long>::Test (this=0x5555557b373e <Js::JavascriptLibrary::GetScriptContext() const+30>, index=32767)
    at ChakraCore/lib/Common/DataStructures/UnitBitVector.h:288
#5  0x00005555564a370e in amd64_CallFunction ()
    at ChakraCore/lib/Runtime/Library/amd64/JavascriptFunctionA.S:100
#6  0x00005555561d797b in Js::JavascriptFunction::CallFunction<true> (function=0x7ff7f432b230, 
    entryPoint=0x7ff7f4301000, args=..., useLargeArgCount=false)
    at ChakraCore/lib/Runtime/Library/JavascriptFunction.cpp:1364
#7  0x00005555561da3bf in Js::JavascriptGenerator::CallGenerator (this=0x7ff7f4329240, data=0x7ff7f4c75030, resumeKind=Js::ResumeYieldKind::Normal)
    at ChakraCore/lib/Runtime/Library/JavascriptGenerator.cpp:198
#8  0x00005555561dada3 in Js::JavascriptGenerator::EntryNext (function=0x7ff7f443c100, callInfo=...)
    at ChakraCore/lib/Runtime/Library/JavascriptGenerator.cpp:265
#9  0x00005555564a370e in amd64_CallFunction ()
    at ChakraCore/lib/Runtime/Library/amd64/JavascriptFunctionA.S:100
#10 0x00005555561d797b in Js::JavascriptFunction::CallFunction<true> (function=0x7ff7f443c100, entryPoint=0x5555561da790 <Js::JavascriptGenerator::EntryNext(Js::RecyclableObject*, Js::CallInfo, ...)>, args=..., useLargeArgCount=false)
    at ChakraCore/lib/Runtime/Library/JavascriptFunction.cpp:1364
#11 0x0000555555ffc758 in Js::InterpreterStackFrame::OP_CallCommon<Js::OpLayoutDynamicProfile<Js::OpLayoutT_CallIWithICIndex<Js::LayoutSizePolicy<(Js::LayoutSize)0> > > __unaligned>(Js::OpLayoutDynamicProfile<Js::OpLayoutT_CallIWithICIndex<Js::LayoutSizePolicy<(Js::LayoutSize)0> > > __unaligned const __unaligned*, Js::RecyclableObject*, unsigned int, Js::AuxArray<unsigned int> const*) (this=0x7fffffffaed0, playout=0x7ff7f54d518c, function=0x7ff7f443c100, flags=2, spreadIndices=0x0)
    at ChakraCore/lib/Runtime/Language/InterpreterStackFrame.cpp:3988