
Assertion 'cesu8_cursor_p == cesu8_end_p' failed at /jerryscript/jerry-core/lit/lit-strings.c(lit_convert_cesu8_string_to_utf8_string):868. #4920

Closed
FlydragonTy opened this issue Jan 4, 2022 · 0 comments · Fixed by #4946
Assignee: rerobika
Labels: bug (Undesired behaviour)

Comments


FlydragonTy commented Jan 4, 2022

JerryScript revision

Commit: a6ab5e9

Version: v3.0.0

Build platform

Ubuntu 18.04.5 LTS (Linux 4.19.128-microsoft-standard x86_64)

Ubuntu 18.04.5 LTS (Linux 5.4.0-44-generic x86_64)

Build steps
python ./tools/build.py --clean --debug --compile-flag=-fsanitize=address --compile-flag=-m32 --compile-flag=-g --strip=off --lto=off --logging=on --line-info=on --error-message=on --system-allocator=on --stack-limit=20
Test case
poc.js

function JSEtest() {
  // U+0539: a single code point that takes two bytes in CESU-8/UTF-8
  const v2 = String.fromCodePoint(1337);
  // 1337 copies -> a 2674-byte CESU-8 string, used as a property key below
  const v4 = v2.padEnd(1337, v2);
  // The object literal has no 'match' property, so v6 is undefined
  const v6 = {
      b: 0,
      e: String
  }.match;
  // Property access on undefined throws a TypeError; on this path the long key
  // goes through lit_convert_cesu8_string_to_utf8_string, where the assertion fires
  const v7 = v6[v4];
}
JSEtest();

Execution steps & Output
$ ./jerryscript/build/bin/jerry poc.js

ICE: Assertion 'cesu8_cursor_p == cesu8_end_p' failed at /jerryscript/jerry-core/lit/lit-strings.c(lit_convert_cesu8_string_to_utf8_string):868.
Error: ERR_FAILED_INTERNAL_ASSERTION
[1]   abort      jerry poc.js

Credits: Found by OWL337 team.

@rerobika rerobika added the bug Undesired behaviour label Jan 4, 2022
rerobika pushed a commit to rerobika/jerryscript that referenced this issue Jan 4, 2022
The UTF8 buffer size can be smaller than the CESU8 string's size so the UTF8 output may be truncated. Therefore we cannot ensure that the CESU8 buffer is read until the end.
This patch fixes jerryscript-project#4920.

JerryScript-DCO-1.0-Signed-off-by: Robert Fancsik robert.fancsik@h-lab.eu
@rerobika rerobika self-assigned this Jan 4, 2022
ossy-szeged pushed a commit that referenced this issue Jan 14, 2022
The UTF8 buffer size can be smaller than the CESU8 string's size so the UTF8 output may be truncated. Therefore we cannot ensure that the CESU8 buffer is read until the end.
This patch fixes #4920.

JerryScript-DCO-1.0-Signed-off-by: Robert Fancsik robert.fancsik@h-lab.eu
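The commit message gives the root cause: the UTF-8 output buffer can be shorter than the CESU-8 input, so the conversion may legitimately stop before the input is fully consumed, and asserting otherwise turns an oversized string into an abort. The following C code is an added example, not JerryScript's own implementation: a bounded CESU-8 to UTF-8 converter that reports how far it read instead of asserting that it read everything. The input mirrors the PoC (1337 copies of U+0539); the 64-byte output buffer size is an assumed value.

```c
#include <stdint.h>
#include <string.h>

/* Bounded CESU-8 -> UTF-8 conversion (added example, not JerryScript's own
 * lit_convert_cesu8_string_to_utf8_string). CESU-8 stores a supplementary code
 * point as two 3-byte surrogates; UTF-8 needs one 4-byte sequence. Input is
 * assumed to be valid CESU-8. Returns bytes written and reports bytes consumed:
 * when the output is too small, conversion stops early, so the caller must not
 * assume the input cursor reached the end. */
static size_t cesu8_to_utf8_bounded(const uint8_t *in, size_t in_len,
                                    uint8_t *out, size_t out_size,
                                    size_t *consumed)
{
    size_t i = 0, o = 0;
    while (i < in_len) {
        uint8_t b = in[i];
        size_t seq = (b < 0x80) ? 1 : (b < 0xE0) ? 2 : 3; /* CESU-8 has no 4-byte forms */
        if (i + seq > in_len) break; /* incomplete trailing sequence stays unconsumed */
        /* Surrogate pair: ED A0..AF xx (high) followed by ED B0..BF xx (low). */
        if (seq == 3 && b == 0xED && (in[i + 1] & 0xF0) == 0xA0 && i + 6 <= in_len
            && in[i + 3] == 0xED && (in[i + 4] & 0xF0) == 0xB0) {
            if (o + 4 > out_size) break; /* output full: stop, cursor untouched */
            uint32_t hi = ((uint32_t)(in[i + 1] & 0x0F) << 6) | (in[i + 2] & 0x3F);
            uint32_t lo = ((uint32_t)(in[i + 4] & 0x0F) << 6) | (in[i + 5] & 0x3F);
            uint32_t cp = 0x10000 + (hi << 10) + lo;
            out[o++] = (uint8_t)(0xF0 | (cp >> 18));
            out[o++] = (uint8_t)(0x80 | ((cp >> 12) & 0x3F));
            out[o++] = (uint8_t)(0x80 | ((cp >> 6) & 0x3F));
            out[o++] = (uint8_t)(0x80 | (cp & 0x3F));
            i += 6;
            continue;
        }
        if (o + seq > out_size) break; /* 1-3 byte sequences copy through unchanged */
        memcpy(out + o, in + i, seq);
        o += seq; i += seq;
    }
    *consumed = i;
    return o;
}

/* The issue's shape: 1337 copies of U+0539 (D4 B9 in CESU-8, 2674 bytes) into an
 * output buffer of out_size bytes (clamped to 4096). Returns the consumed input
 * bytes; with an assumed 64-byte buffer that is 64, so an equality assert aborts. */
static size_t demo_truncated_conversion(size_t out_size)
{
    uint8_t in[1337 * 2], out[4096];
    size_t consumed = 0;
    for (size_t k = 0; k < 1337; k++) { in[2 * k] = 0xD4; in[2 * k + 1] = 0xB9; }
    cesu8_to_utf8_bounded(in, sizeof in, out, out_size < sizeof out ? out_size : sizeof out, &consumed);
    return consumed;
}
```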