Bug 245066

Summary: Crash in /WebKit/Source/JavaScriptCore/parser/Parser.cpp(3012)
Product: WebKit Reporter: xiangwei1895
Component: JavaScriptCoreAssignee: Yusuke Suzuki <ysuzuki>
Status: RESOLVED FIXED    
Severity: Normal CC: bfulgham, webkit-bug-importer, zhunkibatu
Priority: P2 Keywords: InRadar
Version: WebKit Local Build   
Hardware: PC   
OS: Linux   

Description xiangwei1895 2022-09-12 03:16:00 PDT 
JSC crashes when executing the following codeļ¼š

function main(){
  class a{
    g = []
    'a'(){}
  }
}



ASSERTION FAILED: ident
/data/WebKit/Source/JavaScriptCore/parser/Parser.cpp(3012) : typename TreeBuilder::ClassExpression JSC::Parser<JSC::Lexer<LChar> >::parseClass(TreeBuilder &, JSC::FunctionNameRequirements, ParserClassInfo<TreeBuilder> &) [LexerType = JSC::Lexer<LChar>, TreeBuilder = JSC::SyntaxChecker]
Comment 1 Radar WebKit Bug Importer 2022-09-12 03:16:11 PDT 
<rdar://problem/99815328>
Comment 2 Yusuke Suzuki 2022-10-05 19:47:20 PDT 
Pull request: https://github.com/WebKit/WebKit/pull/5065
Comment 3 Yusuke Suzuki 2022-10-05 19:48:27 PDT 
Making it non security since it is always a nullptr crash.
Comment 4 EWS 2022-10-06 02:21:43 PDT 
Committed 255212@main (89c0d4c38e9a): <https://commits.webkit.org/255212@main>

Reviewed commits have been landed. Closing PR #5065 and removing active labels.
Comment 5 Yusuke Suzuki 2023-01-26 14:22:52 PST 
*** Bug 245657 has been marked as a duplicate of this bug. ***