
Assertion 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' failed at /home/ubuntu/fuzz/jerryscript/jerry-core/parser/js/js-parser.c(parser_parse_function_arguments):1618 #4916

Closed
cnitlrt opened this issue Jan 2, 2022 · 0 comments · Fixed by #4942
Labels: bug (Undesired behaviour)


cnitlrt commented Jan 2, 2022

JerryScript commit hash

a6ab5e9

Build platform

Ubuntu 20.04 LTS

Build steps

./tools/build.py --clean --compile-flag=-fsanitize=address --lto=off --error-message=on --profile=es2015-subset --stack-limit=15 --debug --logging=on --line-info=on

poc

```js
// Kept exactly as posted. This is not valid JavaScript (note `proxyTarget<`
// and `get{`); do not "fix" it, it is the input that reaches the parser assertion.
function test(proxyTarget) {
  var {
    proxy,
    revoke
  } = Proxy.revocable(proxyTarget< new Proxy({}, {
    get{(target, propertyKey, receiver) {
      revoke();
    }
  }));
  return proxy;
}

Object.getPrototypeOf(test({}));
```
assert log
ICE: Assertion 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' failed at /home/ubuntu/fuzz/jerryscript/jerry-core/parser/js/js-parser.c(parser_parse_function_arguments):1618.
Error: ERR_FAILED_INTERNAL_ASSERTION
Aborted
asan log
AddressSanitizer:DEADLYSIGNAL
=================================================================
==602568==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x55cb2935a0c1 bp 0x7ffdb322746c sp 0x7ffdb32250a0 T0)
==602568==The signal is caused by a READ memory access.
==602568==Hint: address points to the zero page.
    #0 0x55cb2935a0c0  (/home/ubuntu/fuzz/jerryscript/build/bin/jerry+0x2d40c0)
    #1 0x55cb2932cbce  (/home/ubuntu/fuzz/jerryscript/build/bin/jerry+0x2a6bce)
    #2 0x55cb2933ed63  (/home/ubuntu/fuzz/jerryscript/build/bin/jerry+0x2b8d63)
    #3 0x55cb2945e610  (/home/ubuntu/fuzz/jerryscript/build/bin/jerry+0x3d8610)
    #4 0x55cb294763dc  (/home/ubuntu/fuzz/jerryscript/build/bin/jerry+0x3f03dc)
    #5 0x55cb2947ea5f  (/home/ubuntu/fuzz/jerryscript/build/bin/jerry+0x3f8a5f)
    #6 0x55cb2947c741  (/home/ubuntu/fuzz/jerryscript/build/bin/jerry+0x3f6741)
    #7 0x55cb2947ea8b  (/home/ubuntu/fuzz/jerryscript/build/bin/jerry+0x3f8a8b)
    #8 0x55cb2947c741  (/home/ubuntu/fuzz/jerryscript/build/bin/jerry+0x3f6741)
    #9 0x55cb2947ea8b  (/home/ubuntu/fuzz/jerryscript/build/bin/jerry+0x3f8a8b)
    #10 0x55cb2948623b  (/home/ubuntu/fuzz/jerryscript/build/bin/jerry+0x40023b)
    #11 0x55cb29487623  (/home/ubuntu/fuzz/jerryscript/build/bin/jerry+0x401623)
    #12 0x55cb294951f3  (/home/ubuntu/fuzz/jerryscript/build/bin/jerry+0x40f1f3)
    #13 0x55cb2949a49b  (/home/ubuntu/fuzz/jerryscript/build/bin/jerry+0x41449b)
    #14 0x55cb2933ef1a  (/home/ubuntu/fuzz/jerryscript/build/bin/jerry+0x2b8f1a)
    #15 0x55cb294925c5  (/home/ubuntu/fuzz/jerryscript/build/bin/jerry+0x40c5c5)
    #16 0x55cb2949c035  (/home/ubuntu/fuzz/jerryscript/build/bin/jerry+0x416035)
    #17 0x55cb2933b318  (/home/ubuntu/fuzz/jerryscript/build/bin/jerry+0x2b5318)
    #18 0x55cb29200f3d  (/home/ubuntu/fuzz/jerryscript/build/bin/jerry+0x17af3d)
    #19 0x55cb290b7290  (/home/ubuntu/fuzz/jerryscript/build/bin/jerry+0x31290)
    #20 0x7f2801d550b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
    #21 0x55cb290c4c0d  (/home/ubuntu/fuzz/jerryscript/build/bin/jerry+0x3ec0d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/home/ubuntu/fuzz/jerryscript/build/bin/jerry+0x2d40c0) 
==602568==ABORTING
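The poc in the report is not valid JavaScript, so an engine that is behaving correctly rejects it with a SyntaxError instead of reaching a parser assertion or a null-page read. The block below is an added example, not code from the issue or from JerryScript: it checks that outcome under a Node.js-style host (the `Function` constructor is assumed to be available), and for contrast shows what the evidently intended, syntactically valid form of the test does, namely a revocable proxy whose handler is itself a proxy that revokes the outer proxy while the `getPrototypeOf` trap is being looked up. The two repaired tokens (`,` for `<`, `get(` for `get{`) are my assumption about the intended test, not something the issue states.

```javascript
// Added example (not part of the issue or of JerryScript). Assumes a
// Node.js-style host with the `Function` constructor available.

// The poc exactly as posted in the issue. It is not valid JavaScript:
// `proxyTarget<` where a `,` is expected, and `get{(` where `get(` is expected.
const POC = `function test(proxyTarget) {
  var {
    proxy,
    revoke
  } = Proxy.revocable(proxyTarget< new Proxy({}, {
    get{(target, propertyKey, receiver) {
      revoke();
    }
  }));
  return proxy;
}

Object.getPrototypeOf(test({}));`;

// Compiles `src` without running it (the Function constructor only parses the
// body here) and returns the name of the error class thrown while parsing,
// or null if the source parsed cleanly.
function parseOutcome(src) {
  try {
    new Function(src);
    return null;
  } catch (e) {
    return e.constructor.name;
  }
}

// Assumed intended form of the poc (the two damaged tokens repaired): a
// revocable proxy whose handler is a proxy that revokes the outer proxy as
// soon as any trap is looked up on it.
function intendedForm(proxyTarget) {
  var { proxy, revoke } = Proxy.revocable(proxyTarget, new Proxy({}, {
    get(target, propertyKey, receiver) {
      revoke();
    }
  }));
  return proxy;
}

// Per ECMA-262 Proxy [[GetPrototypeOf]], the target is read before
// GetMethod(handler, "getPrototypeOf"). The lookup revokes the proxy and
// yields undefined, so the operation falls through to the already-captured
// target and returns its prototype instead of throwing.
function intendedResult() {
  return Object.getPrototypeOf(intendedForm({}));
}

// Once revoked, any further operation on the proxy must throw a TypeError.
function revokedOutcome() {
  const p = intendedForm({});
  Object.getPrototypeOf(p); // revokes p as a side effect of the trap lookup
  try {
    Object.getPrototypeOf(p);
    return null;
  } catch (e) {
    return e.constructor.name;
  }
}
```

`parseOutcome(POC)` is the check worth keeping in a regression suite for a fuzzer-found parser crash: the expected result is `'SyntaxError'`, and anything else (including an abort) is the bug.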
cnitlrt changed the title Jan 2, 2022 (removed the leading "ICE: " prefix; the rest of the title is unchanged).
mnegyokru added a commit to mnegyokru/jerryscript that referenced this issue Jan 3, 2022
fixes jerryscript-project#4916

JerryScript-DCO-1.0-Signed-off-by: Martin Negyokru negyokru@inf.u-szeged.hu
@rerobika rerobika added the bug Undesired behaviour label Jan 4, 2022
mnegyokru added a commit to mnegyokru/jerryscript that referenced this issue Jan 4, 2022
The next character should not be consumed after finding the static block opening brace.
This patch fixes jerryscript-project#4916.

JerryScript-DCO-1.0-Signed-off-by: Martin Negyokru negyokru@inf.u-szeged.hu
dbatyai pushed a commit that referenced this issue Jan 10, 2022
The next character should not be consumed after finding the static block opening brace.
This patch fixes #4916.

JerryScript-DCO-1.0-Signed-off-by: Martin Negyokru negyokru@inf.u-szeged.hu