Assertion 'ECMA_STRING_IS_REF_EQUALS_TO_ONE (string_p)' failed at jerryscript/jerry-core/ecma/base/ecma-literal-storage.c(ecma_free_string_list):77. #4941

Closed
FlydragonTy opened this issue Jan 4, 2022 · 0 comments · Fixed by #4961
FlydragonTy commented Jan 4, 2022

JerryScript revision

Commit: a6ab5e9

Version: v3.0.0

Build platform

Ubuntu 18.04.5 LTS (Linux 4.19.128-microsoft-standard x86_64)

Ubuntu 18.04.5 LTS (Linux 5.4.0-44-generic x86_64)

Build steps
```sh
python ./tools/build.py --clean --debug --compile-flag=-fsanitize=address --compile-flag=-m32 --compile-flag=-g --strip=off --lto=off --logging=on --line-info=on --error-message=on --system-allocator=on --stack-limit=20
```

Test case
poc.js

```js
var a = new Array(286331153, 572662306, 858993459, 1145324612, 303174162, 589505315, 305419888, 30583);
var handler = {
    getPrototypeOf: function (target, name) {
        return a;
    }
};
var p = new Proxy([], handler);
var b = [
    {},
    [],
    'natalie'
];
__proto__.__proto__ = p;
eval("function test_configurable_accessor() { print('replacement'); }");
[].flat.call(b);
```

Execution steps & Output
```
$ ./jerryscript/build/bin/jerry poc.js

Unhandled exception:
     0: <eval>:1:64
     1: poc.js:14:1
ICE: Assertion 'ECMA_STRING_IS_REF_EQUALS_TO_ONE (string_p)' failed at jerryscript/jerry-core/ecma/base/ecma-literal-storage.c(ecma_free_string_list):77.
Error: ERR_FAILED_INTERNAL_ASSERTION
[1]    987 abort      jerry poc.js
```

Credits: Found by OWL337 team.

@rerobika rerobika added the bug Undesired behaviour label Jan 4, 2022
mnegyokru added a commit to mnegyokru/jerryscript that referenced this issue Jan 10, 2022
… referencing

in prototype chain.

This patch fixes jerryscript-project#4941

JerryScript-DCO-1.0-Signed-off-by: Martin Negyokru negyokru@inf.u-szeged.hu
mnegyokru added a commit to mnegyokru/jerryscript that referenced this issue Jan 11, 2022
… referencing

in prototype chain.

This patch fixes jerryscript-project#4941

JerryScript-DCO-1.0-Signed-off-by: Martin Negyokru negyokru@inf.u-szeged.hu
ossy-szeged pushed a commit that referenced this issue Jan 14, 2022
… referencing (#4961)

in prototype chain.

This patch fixes #4941

JerryScript-DCO-1.0-Signed-off-by: Martin Negyokru negyokru@inf.u-szeged.hu