assertion failed: DUK_TVAL_IS_STRING(tv1) in duk__js_execute_bytecode_inner #2025

Closed
renatahodovan opened this issue Jan 1, 2019 · 0 comments

Duktape version:
Checked revision: b062b50a
Build command: make dukd-low
OS:
Ubuntu 18.04, x86_64
Test case:
var j; 
Object.defineProperty(Array.prototype, "0" , { set : function ( ) { } , configurable : true } ) ; 
eval( 'for(j in this){\nstr2+=j;\n}' ) ; 
Backtrace:
Program received signal SIGABRT, Aborted.
0xf7fd5059 in __kernel_vsyscall ()
#0  0xf7fd5059 in __kernel_vsyscall ()
#1  0xf7de9832 in raise () from /lib/i386-linux-gnu/libc.so.6
#2  0xf7deacc1 in abort () from /lib/i386-linux-gnu/libc.so.6
#3  0x565c8336 in duk_default_fatal_handler.lto_priv.138 (udata=0x0, msg=0x565dd5ac "assertion failed: DUK_TVAL_IS_STRING(tv1) (duk_js_executor.c:4411)") at duk_error_macros.c:145
#4  0x5656375f in duk__js_execute_bytecode_inner (entry_thread=0xf7c98418, entry_act=0xf7c8f0f4) at duk_js_executor.c:4411
#5  0x56561670 in duk_js_execute_bytecode.lto_priv.283 (exec_thr=0xf7c98418) at duk_js_executor.c:2917
#6  0x56574143 in duk__handle_call_raw (thr=0xf7c98418, idx_func=2, call_flags=16) at duk_js_call.c:2203
#7  0x565748e3 in duk_handle_call_unprotected.lto_priv.254 (thr=0xf7c98418, idx_func=2, call_flags=16) at duk_js_call.c:2385
#8  0x5657487b in duk_handle_call_unprotected_nargs.lto_priv.412 (thr=0xf7c98418, nargs=0, call_flags=16) at duk_js_call.c:2377
#9  0x56590b06 in duk_bi_global_object_eval.lto_priv.70 (thr=0xf7c98418) at duk_bi_global.c:594
#10 0x5657429d in duk__handle_call_raw (thr=0xf7c98418, idx_func=1, call_flags=24) at duk_js_call.c:2231
#11 0x565748e3 in duk_handle_call_unprotected.lto_priv.254 (thr=0xf7c98418, idx_func=1, call_flags=12) at duk_js_call.c:2385
#12 0x5656129b in duk__executor_handle_call (thr=0xf7c98418, idx=1, nargs=1, call_flags=12) at duk_js_executor.c:2655
#13 0x56563f02 in duk__js_execute_bytecode_inner (entry_thread=0xf7c98418, entry_act=0xf7c8f094) at duk_js_executor.c:4729
#14 0x56561670 in duk_js_execute_bytecode.lto_priv.283 (exec_thr=0xf7c98418) at duk_js_executor.c:2917
#15 0x56574143 in duk__handle_call_raw (thr=0xf7c98418, idx_func=3, call_flags=0) at duk_js_call.c:2203
#16 0x565748e3 in duk_handle_call_unprotected.lto_priv.254 (thr=0xf7c98418, idx_func=3, call_flags=0) at duk_js_call.c:2385
#17 0x565ca3fd in duk_call_method (thr=0xf7c98418, nargs=0) at duk_api_call.c:152
#18 0x5655a458 in wrapped_compile_execute (ctx=0xf7c98418, udata=0x0) at examples/cmdline/duk_cmdline.c:301
#19 0x56574bab in duk__handle_safe_call_inner (thr=0xf7c98418, func=0x5655a1db <wrapped_compile_execute>, udata=0x0, entry_valstack_bottom_byteoff=0, entry_callstack_top=0, entry_curr_thread=0x0, 
    entry_thread_state=1 '\001', idx_retbase=0, num_stack_rets=1) at duk_js_call.c:2438
#20 0x565756a4 in duk_handle_safe_call.lto_priv.479 (thr=0xf7c98418, func=0x5655a1db <wrapped_compile_execute>, udata=0x0, num_stack_args=4, num_stack_rets=1) at duk_js_call.c:2683
#21 0x565cb3af in duk_safe_call (thr=0xf7c98418, func=0x5655a1db <wrapped_compile_execute>, udata=0x0, nargs=4, nrets=1) at duk_api_call.c:320
#22 0x5655a657 in handle_fh (ctx=0xf7c98418, f=0x566bd160, filename=0xffffd471 "test.js", bytecode_filename=0x0) at examples/cmdline/duk_cmdline.c:632
#23 0x5655a831 in handle_file (ctx=0xf7c98418, filename=0xffffd471 "test.js", bytecode_filename=0x0) at examples/cmdline/duk_cmdline.c:691
#24 0x5655b3df in main (argc=2, argv=0xffffd2d4) at examples/cmdline/duk_cmdline.c:1465

Found by Fuzzinator with grammarinator.
