SEGV ecma_deref_object (jerry-core/ecma/base/ecma-gc.c:149) #3837

Closed
nszetei opened this issue Jun 3, 2020 · 0 comments · Fixed by #3840
Labels: bug (Undesired behaviour)
nszetei commented Jun 3, 2020

JerryScript revision

a56e31f

Build platform

Ubuntu 18.04.4 LTS (Linux 4.15.0-91-generic x86_64)

Build steps
  • first output

```shell
python tools/build.py --profile=es2015-subset --lto=off --compile-flag=-g \
  --error-messages=on --debug --strip=off --logging=on \
  --compile-flag=-fsanitize=address --stack-limit=15
```

  • second output

```shell
python tools/build.py --profile=es2015-subset --lto=off --compile-flag=-g \
  --strip=off --logging=on --stack-limit=15
```
Test case

```javascript
// `gc` and `resourceName` are global helper functions provided by the jerry
// command-line host; both are used here as Proxy traps and as a Proxy target.
function main() {
  var v1 = [1337,1337,1337,1337,1337];
  var v5 = {length:"size",d:343661.18346282793,__proto__:13.37};
  // inner handler: every trap is `gc`, except deleteProperty, which is the non-callable object v5
  var v7 = {ownKeys:gc,defineProperty:gc,getPrototypeOf:gc,has:gc,call:gc,apply:gc,getOwnPropertyDescriptor:gc,isExtensible:gc,deleteProperty:v5,construct:gc};
  var v9 = new Proxy(gc,v7);
  var v10 = v9;
  function v13(v14,v15,v16) {
  }
  // outer handler: deleteProperty is `resourceName`, the target is the inner proxy
  var v17 = {set:Object,apply:Object,call:v13,get:resourceName,getOwnPropertyDescriptor:v13,deleteProperty:resourceName,isExtensible:v13,construct:resourceName,setPrototypeOf:v13,ownKeys:Object,preventExtensions:v13,defineProperty:Object};
  var v19 = new Proxy(v10,v17);
  // the property key is ToPropertyKey(v1), i.e. the string "1337,1337,1337,1337,1337"
  delete v19[v1];
}
main();
```
Execution steps

```console
$ ~/jerryscript/build/bin/jerry 01.js
AddressSanitizer:DEADLYSIGNAL
=================================================================
==15982==ERROR: AddressSanitizer: SEGV on unknown address 0x006ddfff806d (pc 0x55b637251552 bp 0x7fffa420e420 sp 0x7fffa420e410 T0)
==15982==The signal is caused by a READ memory access.
    #0 0x55b637251551 in ecma_deref_object /home/jerryscript/jerry-core/ecma/base/ecma-gc.c:149
    #1 0x55b63726dd83 in ecma_free_property_descriptor /home/jerryscript/jerry-core/ecma/base/ecma-helpers.c:1204
    #2 0x55b6372b3732 in ecma_proxy_object_delete_property /home/jerryscript/jerry-core/ecma/operations/ecma-proxy-object.c:1393
    #3 0x55b6372a8eda in ecma_op_object_delete /home/jerryscript/jerry-core/ecma/operations/ecma-objects.c:1688
    #4 0x55b63738190b in vm_op_delete_prop /home/jerryscript/jerry-core/vm/opcodes.c:223
    #5 0x55b63730841f in vm_loop /home/jerryscript/jerry-core/vm/vm.c:2533
    #6 0x55b637310c9d in vm_execute /home/jerryscript/jerry-core/vm/vm.c:4184
    #7 0x55b637311322 in vm_run /home/jerryscript/jerry-core/vm/vm.c:4292
    #8 0x55b63729a89c in ecma_op_function_call_simple /home/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:932
    #9 0x55b63729b1eb in ecma_op_function_call /home/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1131
    #10 0x55b6372ff0dd in opfunc_call /home/jerryscript/jerry-core/vm/vm.c:764
    #11 0x55b637310d17 in vm_execute /home/jerryscript/jerry-core/vm/vm.c:4190
    #12 0x55b637311322 in vm_run /home/jerryscript/jerry-core/vm/vm.c:4292
    #13 0x55b6372fd89a in vm_run_global /home/jerryscript/jerry-core/vm/vm.c:321
    #14 0x55b6372471d0 in jerry_run /home/jerryscript/jerry-core/api/jerry.c:595
    #15 0x55b637243c97 in main /home/jerryscript/jerry-main/main-unix.c:759
    #16 0x7fbbd53cf0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
    #17 0x55b63724174d in _start (/home/jerryscript/build/bin/jerry+0x5274d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/jerryscript/jerry-core/ecma/base/ecma-gc.c:149 in ecma_deref_object
==15982==ABORTING
$ gdb -nx -q ~/jerryscript2/build/bin/jerry -ex 'r 01.js'
Reading symbols from /home/jerryscript2/build/bin/jerry...
Starting program: /home/jerryscript2/build/bin/jerry 01.js

Program received signal SIGSEGV, Segmentation fault.
ecma_deref_object (object_p=0x55555556ab51 <ecma_op_to_string+104>) at /home/jerryscript2/jerry-core/ecma/base/ecma-gc.c:150
150	  object_p->type_flags_refs = (uint16_t) (object_p->type_flags_refs - ECMA_OBJECT_REF_ONE);
```