search

jerryscript-project / jerryscript

Ultra-lightweight JavaScript engine for the Internet of Things.
https://jerryscript.net
Apache License 2.0
6.89k stars 669 forks source link

Assertion !!(flags & PARSER_PATTERN_HAS_REST_ELEMENT) == rest_found in parser_parse_object_initializer #4998

Open renatahodovan opened 2 years ago

renatahodovan commented 2 years ago
JerryScript revision

0d496966

Build platform

Linux-5.4.0-104-generic-x86_64-with-glibc2.29

Build steps
./tools/build.py --clean --debug --profile=es.next  --error-messages=ON --logging=ON
Test case
for (var {...r} = o in new Map( ));
Output
ICE: Assertion '!!(flags & PARSER_PATTERN_HAS_REST_ELEMENT) == rest_found' failed at jerryscript/jerry-core/parser/js/js-parser-expr.c(parser_parse_object_initializer):3895.
Error: JERRY_FATAL_FAILED_ASSERTION
AddressSanitizer:DEADLYSIGNAL
=================================================================
==3270099==ERROR: AddressSanitizer: ABRT on unknown address 0x03e90031e5d3 (pc 0x7f13bff6703b bp 0x7fff3c593150 sp 0x7fff3c592ee0 T0)
    #0 0x7f13bff6703b in raise /build/glibc-sMfBJT/glibc-2.31/signal/../sysdeps/unix/sysv/linux/raise.c:51:1
    #1 0x7f13bff46858 in abort /build/glibc-sMfBJT/glibc-2.31/stdlib/abort.c:79:7
    #2 0x89ef3f in jerry_port_fatal jerryscript/jerry-port/common/jerry-port-process.c:29:5
    #3 0x66b742 in jerry_fatal jerryscript/jerry-core/jrt/jrt-fatals.c:63:3
    #4 0x66b4da in jerry_assert_fail jerryscript/jerry-core/jrt/jrt-fatals.c:83:3
    #5 0x837a4e in parser_parse_object_initializer jerryscript/jerry-core/parser/js/js-parser-expr.c:3895:3
    #6 0x8389ce in parser_parse_initializer_by_next_char jerryscript/jerry-core/parser/js/js-parser-expr.c:3944:5
    #7 0x879739 in parser_parse_for_statement_start jerryscript/jerry-core/parser/js/js-parser-statm.c:1293:11
    #8 0x868f9b in parser_parse_statements jerryscript/jerry-core/parser/js/js-parser-statm.c:2851:9
    #9 0x69ae84 in parser_parse_source jerryscript/jerry-core/parser/js/js-parser.c:2280:5
    #10 0x69629a in parser_parse_script jerryscript/jerry-core/parser/js/js-parser.c:3326:38
    #11 0x4ced00 in jerry_parse_common jerryscript/jerry-core/api/jerryscript.c:412:21
    #12 0x4ce473 in jerry_parse jerryscript/jerry-core/api/jerryscript.c:480:10
    #13 0x89cc1f in jerryx_source_parse_script jerryscript/jerry-ext/util/sources.c:52:26
    #14 0x89cd6e in jerryx_source_exec_script jerryscript/jerry-ext/util/sources.c:63:26
    #15 0x4c4d84 in main jerryscript/jerry-main/main-desktop.c:156:20
    #16 0x7f13bff480b2 in __libc_start_main /build/glibc-sMfBJT/glibc-2.31/csu/../csu/libc-start.c:308:16
    #17 0x41c53d in _start (jerryscript/build/bin/jerry+0x41c53d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: ABRT /build/glibc-sMfBJT/glibc-2.31/signal/../sysdeps/unix/sysv/linux/raise.c:51:1 in raise
==3270099==ABORTING
Backtrace
bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007ffff7c33859 in __GI_abort () at abort.c:79
#2  0x000000000089ef40 in jerry_port_fatal (code=JERRY_FATAL_FAILED_ASSERTION) at jerryscript/jerry-port/common/jerry-port-process.c:29
#3  0x000000000066b743 in jerry_fatal (code=JERRY_FATAL_FAILED_ASSERTION) at jerryscript/jerry-core/jrt/jrt-fatals.c:63
#4  0x000000000066b4db in jerry_assert_fail (assertion=0x929ea0 <str> "!!(flags & PARSER_PATTERN_HAS_REST_ELEMENT) == rest_found", file=0x929160 <str> "jerryscript/jerry-core/parser/js/js-parser-expr.c", function=0x929dc0 <__func__.parser_parse_object_initializer> "parser_parse_object_initializer", line=3895) at jerryscript/jerry-core/jrt/jrt-fatals.c:83
#5  0x0000000000837a4f in parser_parse_object_initializer (context_p=0x7fffffffcd20, flags=(PARSER_PATTERN_BINDING | PARSER_PATTERN_TARGET_ON_STACK | PARSER_PATTERN_REST_ELEMENT)) at jerryscript/jerry-core/parser/js/js-parser-expr.c:3895
#6  0x00000000008389cf in parser_parse_initializer_by_next_char (context_p=0x7fffffffcd20, flags=(PARSER_PATTERN_BINDING | PARSER_PATTERN_TARGET_ON_STACK)) at jerryscript/jerry-core/parser/js/js-parser-expr.c:3944
#7  0x000000000087973a in parser_parse_for_statement_start (context_p=0x7fffffffcd20) at jerryscript/jerry-core/parser/js/js-parser-statm.c:1293
#8  0x0000000000868f9c in parser_parse_statements (context_p=0x7fffffffcd20) at jerryscript/jerry-core/parser/js/js-parser-statm.c:2851
#9  0x000000000069ae85 in parser_parse_source (source_p=0x7fffffffd3a0, parse_opts=0, options_p=0x7fffffffd4d0) at jerryscript/jerry-core/parser/js/js-parser.c:2280
#10 0x000000000069629b in parser_parse_script (source_p=0x7fffffffd3a0, parse_opts=0, options_p=0x7fffffffd4d0) at jerryscript/jerry-core/parser/js/js-parser.c:3326
#11 0x00000000004ced01 in jerry_parse_common (source_p=0x7fffffffd3a0, options_p=0x7fffffffd4d0, parse_opts=0) at jerryscript/jerry-core/api/jerryscript.c:412
#12 0x00000000004ce474 in jerry_parse (source_p=0x607000000020 "for ( var  { ... r    }   = o     in new Map   ( \"\\uFFA2\"    )    ) ;        ", source_size=77, options_p=0x7fffffffd4d0) at jerryscript/jerry-core/api/jerryscript.c:480
#13 0x000000000089cc20 in jerryx_source_parse_script (path_p=0x7fffffffde36 "/run/user/1001/fuzzinator/3261026/3270079-FileWriterDecorator-0e4d2c28b2ac47759841127d665b5fff/0.js") at jerryscript/jerry-ext/util/sources.c:52
#14 0x000000000089cd6f in jerryx_source_exec_script (path_p=0x7fffffffde36 "/run/user/1001/fuzzinator/3261026/3270079-FileWriterDecorator-0e4d2c28b2ac47759841127d665b5fff/0.js") at jerryscript/jerry-ext/util/sources.c:63
#15 0x00000000004c4d85 in main (argc=2, argv=0x7fffffffdb08) at jerryscript/jerry-main/main-desktop.c:156

Found by Fuzzinator with grammarinator.