Subject: segmentation fault when copying self-referencing data structures
Test case script
-----------------------------
#!/usr/bin/perl
use strict;
use warnings;
use JavaScript::V8;
my $context = JavaScript::V8::Context->new();
$context->bind(dieperl => sub {});
$context->eval(<<EOF);
var obj = {};
obj.method = function() {
this.loop = this;
};
dieperl( new obj.method() );
EOF
die $@ if($@);
-----------------------------
$ perl testcase
zsh: segmentation fault perl testcase
$ gdb --args perl testcase
(gdb) run
Starting program: /usr/bin/perl testcase
[Thread debugging using libthread_db enabled]
[New Thread 0x7ffff7e7f700 (LWP 3833)]
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff665cdcb in
v8::internal::ElementsAccessorBase<v8::internal::FastObjectElementsAccessor,
v8::internal::ElementsKindTraits<(v8::internal::ElementsKind)1>
>::AddElementsToFixedArray(v8::internal::Object*,
v8::internal::JSObject*, v8::internal::FixedArray*,
v8::internal::FixedArrayBase*) () from /usr/lib64/libv8.so.3.9.19
(gdb) bt -25
#80606 0x00007ffff6c15182 in V8Context::object2sv (this=0x649790,
obj=<value optimized out>) at V8Context.cpp:389
#80607 0x00007ffff6c150ce in V8Context::v82sv (this=0x649790, value=...)
at V8Context.cpp:308
#80608 0x00007ffff6c15182 in V8Context::object2sv (this=0x649790,
obj=<value optimized out>) at V8Context.cpp:389
#80609 0x00007ffff6c150ce in V8Context::v82sv (this=0x649790, value=...)
at V8Context.cpp:308
#80610 0x00007ffff6c1574b in invoke (args=...) at V8Context.cpp:89
#80611 (anonymous namespace)::CVInfo::v8invoke (args=...) at
V8Context.cpp:72
#80612 0x00007ffff663532f in
v8::internal::Builtin_HandleApiCall(v8::internal::(anonymous
namespace)::BuiltinArguments<(v8::internal::BuiltinExtraArguments)1>,
v8::internal::Isolate*) () from /usr/lib64/libv8.so.3.9.19
#80613 0x000026247950614e in ?? ()
#80614 0x00002624795060c1 in ?? ()
...
This is an infinite loop of calls V8Context::v82sv() <->
V8Context::object2sv() (it consumed all the stack).
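The failure mode in the backtrace, modelled in plain Perl as an added example (this is not code from the ticket or from JavaScript::V8): a naive recursive walk over a structure whose 'loop' slot points back at itself never terminates, and the usual defence is an identity map keyed on the reference address that returns the copy already under construction when the same container is met again. The names naive_copy and safe_copy, the sample hash and the depth limit of 1000 (a stand-in for the C stack, so the demonstration dies cleanly instead of segfaulting) are constructed for this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Scalar::Util qw(refaddr reftype);

# Naive recursive walk, shaped like the v82sv() <-> object2sv() pair in the
# backtrace: each container recurses into its children with no memory of
# what it has already visited. The depth limit is an arbitrary stand-in for
# the C stack so the walk dies with a message rather than crashing perl.
sub naive_copy {
    my ($v, $depth) = @_;
    no warnings 'recursion';    # we expect to go deep; the limit below stops us
    $depth //= 0;
    die "naive walk aborted at depth $depth: structure refers to itself\n"
        if $depth > 1000;
    return $v unless ref $v;
    my $kind = reftype($v);
    if ($kind eq 'HASH') {
        my %copy;
        $copy{$_} = naive_copy($v->{$_}, $depth + 1) for keys %$v;
        return \%copy;
    }
    if ($kind eq 'ARRAY') {
        return [ map { naive_copy($_, $depth + 1) } @$v ];
    }
    return $v;
}

# Cycle-safe walk: an identity map keyed on the source address (refaddr)
# hands back the copy already under construction when the same reference
# appears again, so obj.loop = obj becomes copy->{loop} = copy instead of
# unbounded recursion. The copy is registered BEFORE its children are
# visited; registering afterwards would not help, because the cycle is
# discovered on the way down.
sub safe_copy {
    my ($v, $seen) = @_;
    $seen //= {};
    return $v unless ref $v;
    my $addr = refaddr($v);
    return $seen->{$addr} if exists $seen->{$addr};
    my $kind = reftype($v);
    if ($kind eq 'HASH') {
        my $copy = $seen->{$addr} = {};
        $copy->{$_} = safe_copy($v->{$_}, $seen) for keys %$v;
        return $copy;
    }
    if ($kind eq 'ARRAY') {
        my $copy = $seen->{$addr} = [];
        push @$copy, safe_copy($_, $seen) for @$v;
        return $copy;
    }
    return $v;    # code refs, globs etc. are shared rather than copied
}

# Constructed input with the same shape as the JS object in the test case:
# a hash whose 'loop' slot points back at the hash itself.
my $obj = { name => 'obj' };
$obj->{loop} = $obj;

my $ok = eval { naive_copy($obj); 1 };
print $ok ? "naive walk finished\n" : "naive walk: $@";

my $copy = safe_copy($obj);
printf "safe walk: copy is distinct from source: %s\n",
    refaddr($copy) != refaddr($obj) ? 'yes' : 'no';
printf "safe walk: copy->{loop} points back at copy: %s\n",
    refaddr($copy->{loop}) == refaddr($copy) ? 'yes' : 'no';
```

The same identity-map idea applies to the C++ glue: a converter that descends from a V8 object into its properties needs a visited set keyed on object identity (or a depth bound) before it can safely accept arbitrary script-supplied values, since the script controls the shape of what gets converted.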