Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Assertion 'context_p->token.type == LEXER_RIGHT_BRACE || context_p->token.type == LEXER_ASSIGN || context_p->token.type == LEXER_COMMA' in parser_parse_object_initializer #3869

Closed
owl337 opened this issue Jun 6, 2020 · 0 comments · Fixed by #3872
Assignees
Labels
bug Undesired behaviour parser Related to the JavaScript parser

Comments

@owl337
Copy link

owl337 commented Jun 6, 2020

JerryScript revision

cae6cd0

Build platform

Ubuntu 16.04.6 LTS (Linux 4.15.0-99-generic x86_64)

Build steps
./tools/build.py --clean --debug --compile-flag=-fsanitize=address \
 --compile-flag=-m32 --compile-flag=-fno-omit-frame-pointer \
 --compile-flag=-fno-common --compile-flag=-g --strip=off \
 --system-allocator=on --logging=on --linker-flag=-fuse-ld=gold \
 --error-messages=on --profile=es2015-subset --lto=off 
Test case
function a ({
  *=;
})
Output
ICE: Assertion 'context_p->token.type == LEXER_RIGHT_BRACE || context_p->token.type == LEXER_ASSIGN || context_p->token.type == LEXER_COMMA' failed at /home/JerryScript/jerry-core/parser/js/js-parser-expr.c(parser_parse_object_initializer):3234.
Error: ERR_FAILED_INTERNAL_ASSERTION
Aborted

Credits: This vulnerability is detected by chong from OWL337.

zherczeg added a commit to zherczeg/jerryscript that referenced this issue Jun 8, 2020
Fixes jerryscript-project#3869

JerryScript-DCO-1.0-Signed-off-by: Zoltan Herczeg zherczeg.u-szeged@partner.samsung.com
@rerobika rerobika added bug Undesired behaviour parser Related to the JavaScript parser labels Jun 8, 2020
rerobika pushed a commit that referenced this issue Jun 8, 2020
Fixes #3869

JerryScript-DCO-1.0-Signed-off-by: Zoltan Herczeg zherczeg.u-szeged@partner.samsung.com
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Undesired behaviour parser Related to the JavaScript parser
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants