search

jerryscript-project / jerryscript

Ultra-lightweight JavaScript engine for the Internet of Things.
https://jerryscript.net
Apache License 2.0
6.89k stars 669 forks source link

Assertion ecma_object_check_class_name_is_object (obj_p) in ecma_object_get_class_name #5001

Open renatahodovan opened 2 years ago

renatahodovan commented 2 years ago
JerryScript revision

0d496966

Build platform

Linux-5.4.0-104-generic-x86_64-with-glibc2.29

Build steps
./tools/build.py --clean --debug --profile=es.next  --error-messages=ON --logging=ON
Test case
function shouldBe(actual) { if (actual) throw new Error ( 0+ actual ) } 
async function* asyncGenerator() { }
asyncGenerator.prototype = 0; 
shouldBe(Object.getPrototypeOf(asyncGenerator()))
Output
ICE: Assertion 'ecma_object_check_class_name_is_object (obj_p)' failed at jerryscript/jerry-core/ecma/operations/ecma-objects.c(ecma_object_get_class_name):2913.
Error: JERRY_FATAL_FAILED_ASSERTION
AddressSanitizer:DEADLYSIGNAL
=================================================================
==698972==ERROR: AddressSanitizer: ABRT on unknown address 0x03e9000aaa5c (pc 0x7f5d8c49b03b bp 0x7ffcc9f2a6a0 sp 0x7ffcc9f2a430 T0)
    #0 0x7f5d8c49b03b in raise /build/glibc-sMfBJT/glibc-2.31/signal/../sysdeps/unix/sysv/linux/raise.c:51:1
    #1 0x7f5d8c47a858 in abort /build/glibc-sMfBJT/glibc-2.31/stdlib/abort.c:79:7
    #2 0x806f07 in jerry_port_fatal jerryscript/jerry-port/common/jerry-port-process.c:29:5
    #3 0x6281ca in jerry_fatal jerryscript/jerry-core/jrt/jrt-fatals.c:63:3
    #4 0x627f7a in jerry_assert_fail jerryscript/jerry-core/jrt/jrt-fatals.c:83:3
    #5 0x5e3660 in ecma_object_get_class_name jerryscript/jerry-core/ecma/operations/ecma-objects.c:2913:7
    #6 0x72c214 in ecma_builtin_helper_object_to_string jerryscript/jerry-core/ecma/builtin-objects/ecma-builtin-helpers.c:143:19
    #7 0x73ddda in ecma_builtin_object_prototype_object_to_string jerryscript/jerry-core/ecma/builtin-objects/ecma-builtin-object-prototype.c:89:10
    #8 0x73d2d7 in ecma_builtin_object_prototype_dispatch_routine jerryscript/jerry-core/ecma/builtin-objects/ecma-builtin-object-prototype.c:395:14
    #9 0x56f39d in ecma_builtin_dispatch_routine jerryscript/jerry-core/ecma/builtin-objects/ecma-builtins.c:1460:10
    #10 0x56ead1 in ecma_builtin_dispatch_call jerryscript/jerry-core/ecma/builtin-objects/ecma-builtins.c:1489:12
    #11 0x5b9af2 in ecma_op_function_call_native_built_in jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1217:5
    #12 0x5b8640 in ecma_op_function_call jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1411:16
    #13 0x5cbf3b in ecma_op_general_object_ordinary_value jerryscript/jerry-core/ecma/operations/ecma-objects-general.c:291:25
    #14 0x5cbcb4 in ecma_op_general_object_default_value jerryscript/jerry-core/ecma/operations/ecma-objects-general.c:256:10
    #15 0x5dc3be in ecma_op_object_default_value jerryscript/jerry-core/ecma/operations/ecma-objects.c:1718:10
    #16 0x6a0a07 in opfunc_addition jerryscript/jerry-core/vm/opcodes-ecma-arithmetics.c:198:19
    #17 0x6dcef8 in vm_loop jerryscript/jerry-core/vm/vm.c:3450:20
    #18 0x6bb8f1 in vm_execute jerryscript/jerry-core/vm/vm.c:5211:37
    #19 0x6b975b in vm_run jerryscript/jerry-core/vm/vm.c:5312:10
    #20 0x5b9674 in ecma_op_function_call_simple jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1176:28
    #21 0x5b860d in ecma_op_function_call jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1406:16
    #22 0x5b830e in ecma_op_function_validated_call jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1371:10
    #23 0x6efb26 in opfunc_call jerryscript/jerry-core/vm/vm.c:758:5
    #24 0x6bb99c in vm_execute jerryscript/jerry-core/vm/vm.c:5217:9
    #25 0x6b975b in vm_run jerryscript/jerry-core/vm/vm.c:5312:10
    #26 0x6b91b7 in vm_run_global jerryscript/jerry-core/vm/vm.c:286:25
    #27 0x4ce357 in jerry_run jerryscript/jerry-core/api/jerryscript.c:548:24
    #28 0x8052c9 in jerryx_source_exec_script jerryscript/jerry-ext/util/sources.c:68:14
    #29 0x4c4cb6 in main jerryscript/jerry-main/main-desktop.c:156:20
    #30 0x7f5d8c47c0b2 in __libc_start_main /build/glibc-sMfBJT/glibc-2.31/csu/../csu/libc-start.c:308:16
    #31 0x41c53d in _start (jerryscript/build/bin/jerry+0x41c53d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: ABRT /build/glibc-sMfBJT/glibc-2.31/signal/../sysdeps/unix/sysv/linux/raise.c:51:1 in raise
==698972==ABORTING
Backtrace
bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007ffff7c33859 in __GI_abort () at abort.c:79
#2  0x0000000000806f08 in jerry_port_fatal (code=JERRY_FATAL_FAILED_ASSERTION) at jerryscript/jerry-port/common/jerry-port-process.c:29
#3  0x00000000006281cb in jerry_fatal (code=JERRY_FATAL_FAILED_ASSERTION) at jerryscript/jerry-core/jrt/jrt-fatals.c:63
#4  0x0000000000627f7b in jerry_assert_fail (assertion=0x849fa0 <str> "ecma_object_check_class_name_is_object (obj_p)", file=0x8490c0 <str> "jerryscript/jerry-core/ecma/operations/ecma-objects.c", function=0x849e80 <__func__.ecma_object_get_class_name> "ecma_object_get_class_name", line=2913) at jerryscript/jerry-core/jrt/jrt-fatals.c:83
#5  0x00000000005e3661 in ecma_object_get_class_name (obj_p=0x11dfa88 <jerry_global_heap+904>) at jerryscript/jerry-core/ecma/operations/ecma-objects.c:2913
#6  0x000000000072c215 in ecma_builtin_helper_object_to_string (this_arg=907) at jerryscript/jerry-core/ecma/builtin-objects/ecma-builtin-helpers.c:143
#7  0x000000000073dddb in ecma_builtin_object_prototype_object_to_string (this_arg=907) at jerryscript/jerry-core/ecma/builtin-objects/ecma-builtin-object-prototype.c:89
#8  0x000000000073d2d8 in ecma_builtin_object_prototype_dispatch_routine (builtin_routine_id=1 '\001', this_arg=907, arguments_list_p=0x7fffffff6da0, arguments_number=0) at jerryscript/jerry-core/ecma/builtin-objects/ecma-builtin-object-prototype.c:395
#9  0x000000000056f39e in ecma_builtin_dispatch_routine (func_obj_p=0x11dfc50 <jerry_global_heap+1360>, this_arg_value=907, arguments_list_p=0x7fffffff6da0, arguments_list_len=0) at jerryscript/jerry-core/ecma/builtin-objects/ecma-builtins.c:1460
#10 0x000000000056ead2 in ecma_builtin_dispatch_call (obj_p=0x11dfc50 <jerry_global_heap+1360>, this_arg_value=907, arguments_list_p=0x0, arguments_list_len=0) at jerryscript/jerry-core/ecma/builtin-objects/ecma-builtins.c:1489
#11 0x00000000005b9af3 in ecma_op_function_call_native_built_in (func_obj_p=0x11dfc50 <jerry_global_heap+1360>, this_arg_value=907, arguments_list_p=0x0, arguments_list_len=0) at jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1217
#12 0x00000000005b8641 in ecma_op_function_call (func_obj_p=0x11dfc50 <jerry_global_heap+1360>, this_arg_value=907, arguments_list_p=0x0, arguments_list_len=0) at jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1411
#13 0x00000000005cbf3c in ecma_op_general_object_ordinary_value (obj_p=0x11dfa88 <jerry_global_heap+904>, hint=ECMA_PREFERRED_TYPE_NUMBER) at jerryscript/jerry-core/ecma/operations/ecma-objects-general.c:291
#14 0x00000000005cbcb5 in ecma_op_general_object_default_value (obj_p=0x11dfa88 <jerry_global_heap+904>, hint=ECMA_PREFERRED_TYPE_NUMBER) at jerryscript/jerry-core/ecma/operations/ecma-objects-general.c:256
#15 0x00000000005dc3bf in ecma_op_object_default_value (obj_p=0x11dfa88 <jerry_global_heap+904>, hint=ECMA_PREFERRED_TYPE_NO) at jerryscript/jerry-core/ecma/operations/ecma-objects.c:1718
#16 0x00000000006a0a08 in opfunc_addition (left_value=1017, right_value=907) at jerryscript/jerry-core/vm/opcodes-ecma-arithmetics.c:198
#17 0x00000000006dcef9 in vm_loop (frame_ctx_p=0x7fffffffc960) at jerryscript/jerry-core/vm/vm.c:3450
#18 0x00000000006bb8f2 in vm_execute (frame_ctx_p=0x7fffffffc960) at jerryscript/jerry-core/vm/vm.c:5211
#19 0x00000000006b975c in vm_run (shared_p=0x7fffffffcb80, this_binding_value=11, lex_env_p=0x11df7f8 <jerry_global_heap+248>) at jerryscript/jerry-core/vm/vm.c:5312
#20 0x00000000005b9675 in ecma_op_function_call_simple (func_obj_p=0x11df9f0 <jerry_global_heap+752>, this_binding=11, arguments_list_p=0x7fffffffd288, arguments_list_len=2) at jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1176
#21 0x00000000005b860e in ecma_op_function_call (func_obj_p=0x11df9f0 <jerry_global_heap+752>, this_arg_value=72, arguments_list_p=0x7fffffffd288, arguments_list_len=2) at jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1406
#22 0x00000000005b830f in ecma_op_function_validated_call (callee=755, this_arg_value=72, arguments_list_p=0x7fffffffd288, arguments_list_len=2) at jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1371
#23 0x00000000006efb27 in opfunc_call (frame_ctx_p=0x7fffffffd240) at jerryscript/jerry-core/vm/vm.c:758
#24 0x00000000006bb99d in vm_execute (frame_ctx_p=0x7fffffffd240) at jerryscript/jerry-core/vm/vm.c:5217
#25 0x00000000006b975c in vm_run (shared_p=0x7fffffffd460, this_binding_value=11, lex_env_p=0x11df7f8 <jerry_global_heap+248>) at jerryscript/jerry-core/vm/vm.c:5312
#26 0x00000000006b91b8 in vm_run_global (bytecode_p=0x11dfc90 <jerry_global_heap+1424>, function_object_p=0x11df9e0 <jerry_global_heap+736>) at jerryscript/jerry-core/vm/vm.c:286
#27 0x00000000004ce358 in jerry_run (script=739) at jerryscript/jerry-core/api/jerryscript.c:548
#28 0x00000000008052ca in jerryx_source_exec_script (path_p=0x7fffffffde38 "/run/user/1001/fuzzinator/697673/698970-FileWriterDecorator-44644032b49a484c95687ff1166ed1c8/0.js") at jerryscript/jerry-ext/util/sources.c:68
#29 0x00000000004c4cb7 in main (argc=2, argv=0x7fffffffdb08) at jerryscript/jerry-main/main-desktop.c:156

Found by Fuzzinator with grammarinator.