=================================================================
==2953261==ERROR: AddressSanitizer: heap-use-after-free on address 0xf4502508 at pc 0x56731155 bp 0xffa0fc88 sp 0xffa0fc78
READ of size 4 at 0xf4502508 thread T0
#0 0x56731154 in lexer_compare_identifier_to_string /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-lexer.c:3503
#1 0x56738c41 in parser_parse_object_literal /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-expr.c:1593
#2 0x5673c3b8 in parser_parse_unary_expression /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-expr.c:2339
#3 0x5674559d in parser_parse_expression /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-expr.c:4428
#4 0x5673e25f in parser_process_unary_expression /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-expr.c:2772
#5 0x56745605 in parser_parse_expression /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-expr.c:4437
#6 0x5674e9a0 in parser_parse_var_statement /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-statm.c:527
#7 0x5675bb93 in parser_parse_statements /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-statm.c:2925
#8 0x566809a2 in parser_parse_function /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser.c:2792
#9 0x5672d0d9 in lexer_construct_function_object /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-lexer.c:2820
#10 0x567398f9 in parser_parse_function_expression /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-expr.c:1828
#11 0x5673c0df in parser_parse_unary_expression /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-expr.c:2313
#12 0x5674559d in parser_parse_expression /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-expr.c:4428
#13 0x5673e25f in parser_process_unary_expression /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-expr.c:2772
#14 0x56745605 in parser_parse_expression /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-expr.c:4437
#15 0x56745334 in parser_parse_expression_statement /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-expr.c:4399
#16 0x5675cf43 in parser_parse_statements /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-statm.c:3230
#17 0x566809a2 in parser_parse_function /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser.c:2792
#18 0x5674fcbb in parser_parse_function_statement /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-statm.c:799
#19 0x5675bc06 in parser_parse_statements /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-statm.c:2957
#20 0x5667d2ac in parser_parse_source /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser.c:2340
#21 0x5668356d in parser_parse_script /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser.c:3413
#22 0x565bd97d in jerry_parse_common /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/api/jerryscript.c:398
#23 0x565bdce1 in jerry_parse /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/api/jerryscript.c:466
#24 0x565b6734 in main /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-main/main-jerry.c:161
#25 0xf7618ee4 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x1eee4)
#26 0x565b5a94 in _start (/home/aidai/fuzzing/jerryscript/jerryscript-test/build/bin/jerry+0x1ea94)
0xf4502508 is located 8 bytes inside of 124-byte region [0xf4502500,0xf450257c)
freed by thread T0 here:
#0 0xf7a20814 in __interceptor_free (/lib32/libasan.so.5+0x113814)
#1 0x56669e18 in jmem_heap_free_block_internal /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/jmem/jmem-heap.c:477
#2 0x56669f57 in jmem_heap_free_block /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/jmem/jmem-heap.c:691
#3 0x56748112 in parser_free /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-mem.c:59
#4 0x56748112 in parser_data_free /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-mem.c:134
#5 0x5674849b in parser_list_free /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-mem.c:211
#6 0x5667f81c in parser_restore_context /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser.c:2662
#7 0x566809d6 in parser_parse_function /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser.c:2807
#8 0x5672d0d9 in lexer_construct_function_object /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-lexer.c:2820
#9 0x567398f9 in parser_parse_function_expression /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-expr.c:1828
#10 0x5673c0df in parser_parse_unary_expression /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-expr.c:2313
#11 0x5674559d in parser_parse_expression /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-expr.c:4428
#12 0x56739102 in parser_parse_object_literal /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-expr.c:1656
#13 0x5673c3b8 in parser_parse_unary_expression /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-expr.c:2339
#14 0x5674559d in parser_parse_expression /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-expr.c:4428
#15 0x5673e25f in parser_process_unary_expression /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-expr.c:2772
#16 0x56745605 in parser_parse_expression /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-expr.c:4437
#17 0x5674e9a0 in parser_parse_var_statement /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-statm.c:527
#18 0x5675bb93 in parser_parse_statements /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-statm.c:2925
#19 0x566809a2 in parser_parse_function /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser.c:2792
#20 0x5672d0d9 in lexer_construct_function_object /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-lexer.c:2820
#21 0x567398f9 in parser_parse_function_expression /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-expr.c:1828
#22 0x5673c0df in parser_parse_unary_expression /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-expr.c:2313
#23 0x5674559d in parser_parse_expression /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-expr.c:4428
#24 0x5673e25f in parser_process_unary_expression /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-expr.c:2772
#25 0x56745605 in parser_parse_expression /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-expr.c:4437
#26 0x56745334 in parser_parse_expression_statement /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-expr.c:4399
#27 0x5675cf43 in parser_parse_statements /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-statm.c:3230
#28 0x566809a2 in parser_parse_function /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser.c:2792
#29 0x5674fcbb in parser_parse_function_statement /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-statm.c:799
#30 0x5675bc06 in parser_parse_statements /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-statm.c:2957
previously allocated by thread T0 here:
#0 0xf7a20c17 in __interceptor_malloc (/lib32/libasan.so.5+0x113c17)
#1 0x56669c14 in jmem_heap_alloc /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/jmem/jmem-heap.c:254
#2 0x56669c84 in jmem_heap_gc_and_alloc_block /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/jmem/jmem-heap.c:291
#3 0x56669d39 in jmem_heap_alloc_block_null_on_error /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/jmem/jmem-heap.c:342
#4 0x56747da2 in parser_malloc /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-mem.c:43
#5 0x56748645 in parser_list_append /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-mem.c:239
#6 0x5672b7fd in lexer_construct_literal_object /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-lexer.c:2556
#7 0x5673ba0b in parser_parse_unary_expression /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-expr.c:2242
#8 0x5674559d in parser_parse_expression /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-expr.c:4428
#9 0x56745334 in parser_parse_expression_statement /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-expr.c:4399
#10 0x5675cf43 in parser_parse_statements /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-statm.c:3230
#11 0x566809a2 in parser_parse_function /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser.c:2792
#12 0x5672d0d9 in lexer_construct_function_object /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-lexer.c:2820
#13 0x567398f9 in parser_parse_function_expression /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-expr.c:1828
#14 0x5673c0df in parser_parse_unary_expression /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-expr.c:2313
#15 0x5674559d in parser_parse_expression /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-expr.c:4428
#16 0x56739102 in parser_parse_object_literal /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-expr.c:1656
#17 0x5673c3b8 in parser_parse_unary_expression /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-expr.c:2339
#18 0x5674559d in parser_parse_expression /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-expr.c:4428
#19 0x5673e25f in parser_process_unary_expression /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-expr.c:2772
#20 0x56745605 in parser_parse_expression /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-expr.c:4437
#21 0x5674e9a0 in parser_parse_var_statement /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-statm.c:527
#22 0x5675bb93 in parser_parse_statements /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-statm.c:2925
#23 0x566809a2 in parser_parse_function /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser.c:2792
#24 0x5672d0d9 in lexer_construct_function_object /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-lexer.c:2820
#25 0x567398f9 in parser_parse_function_expression /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-expr.c:1828
#26 0x5673c0df in parser_parse_unary_expression /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-expr.c:2313
#27 0x5674559d in parser_parse_expression /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-expr.c:4428
#28 0x5673e25f in parser_process_unary_expression /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-expr.c:2772
#29 0x56745605 in parser_parse_expression /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-parser-expr.c:4437
SUMMARY: AddressSanitizer: heap-use-after-free /home/aidai/fuzzing/jerryscript/jerryscript-test/jerry-core/parser/js/js-lexer.c:3503 in lexer_compare_identifier_to_string
Shadow bytes around the buggy address:
0x3e8a0450: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x3e8a0460: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x3e8a0470: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x3e8a0480: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x3e8a0490: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x3e8a04a0: fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x3e8a04b0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
0x3e8a04c0: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
0x3e8a04d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x3e8a04e0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
0x3e8a04f0: 00 00 00 00 00 00 00 04 fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==2953261==ABORTING
JerryScript revision
a6ab5e9
Build platform
Ubuntu 20.04.3 LTS (Linux 5.11.0-43-generic x86_64)
Build steps
Test case
Execution steps
asan log