Details
- Bug
- Resolution: Done
- P1: Critical
- 5.15.3
- dde1d86baabac1eddd84a11b7d2ed49e26c511bd (qt/qtdeclarative/dev)
  762e70ea2ec028d0ce1659ed4ae8fc2ec47d950f (qt/qtdeclarative/6.2)
  0e88794676 (qt/tqtc-qtdeclarative/5.15)
Description
This code:

    function *a() {
        (function() { yield 1; })();
    }
    let it = a();
    it.next();

is accepted as valid syntax, leading to a crash when the JIT kicks in:

    QV4::JIT::BaselineJIT::generate_Yield()
    QV4::Moth::ByteCodeHandler::decode(const char * code, unsigned int len)
    QV4::JIT::BaselineJIT::generate()
PS: I wasn't able to crash the app with the code above, which is derived from our real-world crash and fix knowledge on this.
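A parse-only regression check for the grammar rule behind this report, as an added example that is not part of the original report or of Qt's code: in ECMAScript, the body of a non-generator function nested in a generator is parsed outside the generator's yield context, so `yield 1` there must be a SyntaxError. The helper names `parses` and `checkEngine` and the case list are constructed for illustration; the snippets are only compiled, never run.

```javascript
// Added example: checks that an engine rejects `yield` expressions in
// non-generator functions nested inside a generator. Parse-only: the
// Function constructor compiles the source text but never calls it.
function parses(source) {
  try {
    new Function(source);
    return true;
  } catch (e) {
    if (e instanceof SyntaxError) return false;
    throw e; // anything else is a harness problem, not a grammar verdict
  }
}

// Constructed cases. `valid` is what the ECMAScript grammar requires.
const cases = [
  { name: "reported snippet: yield in nested plain function",
    src: "function *a() { (function() { yield 1; })(); }", valid: false },
  { name: "yield in arrow function nested in generator",
    src: "function *a() { (() => { yield 1; })(); }", valid: false },
  { name: "yield directly in generator body",
    src: "function *a() { yield 1; }", valid: true },
  { name: "yield in nested generator",
    src: "function *a() { (function *() { yield 1; })(); }", valid: true },
  // In sloppy mode `yield` is an ordinary identifier inside the nested
  // plain function, so a fix must not reject it outright.
  { name: "yield as identifier in nested plain function (sloppy)",
    src: "function *a() { function h() { yield = 1; } }", valid: true },
  { name: "yield as identifier in nested plain function (strict)",
    src: "'use strict'; function *a() { function h() { var yield; } }",
    valid: false },
];

// Returns the names of the cases where the engine disagrees with the grammar.
function checkEngine() {
  return cases
    .filter((c) => parses(c.src) !== c.valid)
    .map((c) => c.name);
}

const failures = checkEngine();
console.log(failures.length === 0
  ? "parser matches the expected grammar for all cases"
  : "parser disagrees on: " + failures.join("; "));
```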