jerryscript-project / jerryscript

Ultra-lightweight JavaScript engine for the Internet of Things.
https://jerryscript.net
Apache License 2.0

Assertion !ecma_is_value_direct (x) || ecma_is_value_undefined (x) || ecma_is_value_null (x) || ecma_is_value_boolean (x) || ecma_is_value_integer_number (x) in ecma_op_strict_equality_compare #5003

Open renatahodovan opened 2 years ago

renatahodovan commented 2 years ago
JerryScript revision

0d496966

Build platform

Linux-5.4.0-104-generic-x86_64-with-glibc2.29

Build steps
./tools/build.py --clean --debug --profile=es.next  --error-messages=ON --logging=ON
Test case
// Reproducer from the report, found by Fuzzinator with grammarinator. The code is
// left exactly as reported, since the report does not say which parts are essential.
// In the reported --debug build it ends in a failed assertion
// (JERRY_FATAL_FAILED_ASSERTION -> abort); ASan only reports the resulting ABRT,
// not a memory error. What a build without assertions does with the same value
// is not shown in the report and is worth checking when triaging.

// A.f evaluates the comma expression ({ }, this), so it returns its `this` value.
class A { f ( ) { return ( { }, this ) } } 
// B's constructor only reaches super(...) through two nested eval calls, then
// strictly compares the result of super.f() with 0 and prints the outcome.
// `a` is not a constructor parameter; it resolves outside the constructor
// (presumably to the hoisted global `var a` below).
// NOTE(review): the backtrace shows x=104 in ecma_op_strict_equality_compare and
// this_binding=104 in ecma_op_function_call_constructor, so the value that fails
// the assertion appears to be the constructor's incoming `this` binding.
// Presumably the nested-eval super() call did not replace it; confirm in the engine.
class B extends A { constructor(p_0, b, c, d) { eval ( "eval ('super (a, b, c, d)')" ) ; print(super.f()=== 0) } } 
// Constructing B with no arguments triggers the failure path described above.
var a = new B ( )
Output
ICE: Assertion '!ecma_is_value_direct (x) || ecma_is_value_undefined (x) || ecma_is_value_null (x) || ecma_is_value_boolean (x) || ecma_is_value_integer_number (x)' failed at jerryscript/jerry-core/ecma/operations/ecma-comparison.c(ecma_op_strict_equality_compare):256.
Error: JERRY_FATAL_FAILED_ASSERTION
AddressSanitizer:DEADLYSIGNAL
=================================================================
==3268980==ERROR: AddressSanitizer: ABRT on unknown address 0x03e90031e174 (pc 0x7f7250d8d03b bp 0x7ffd4fbe44d0 sp 0x7ffd4fbe4260 T0)
    #0 0x7f7250d8d03b in raise /build/glibc-sMfBJT/glibc-2.31/signal/../sysdeps/unix/sysv/linux/raise.c:51:1
    #1 0x7f7250d6c858 in abort /build/glibc-sMfBJT/glibc-2.31/stdlib/abort.c:79:7
    #2 0x89ef3f in jerry_port_fatal jerryscript/jerry-port/common/jerry-port-process.c:29:5
    #3 0x66b742 in jerry_fatal jerryscript/jerry-core/jrt/jrt-fatals.c:63:3
    #4 0x66b4da in jerry_assert_fail jerryscript/jerry-core/jrt/jrt-fatals.c:83:3
    #5 0x5c8bda in ecma_op_strict_equality_compare jerryscript/jerry-core/ecma/operations/ecma-comparison.c:255:5
    #6 0x741fce in vm_loop jerryscript/jerry-core/vm/vm.c:3642:27
    #7 0x7182d9 in vm_execute jerryscript/jerry-core/vm/vm.c:5211:37
    #8 0x715ba5 in vm_run jerryscript/jerry-core/vm/vm.c:5312:10
    #9 0x5ee8f8 in ecma_op_function_call_constructor jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1036:15
    #10 0x5e737d in ecma_op_function_call_simple jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1116:14
    #11 0x5e9555 in ecma_op_function_construct_simple jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1492:28
    #12 0x5e902f in ecma_op_function_construct jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1713:14
    #13 0x757b67 in opfunc_construct jerryscript/jerry-core/vm/vm.c:840:7
    #14 0x718420 in vm_execute jerryscript/jerry-core/vm/vm.c:5236:9
    #15 0x715ba5 in vm_run jerryscript/jerry-core/vm/vm.c:5312:10
    #16 0x7155ff in vm_run_global jerryscript/jerry-core/vm/vm.c:286:25
    #17 0x4cf99d in jerry_run jerryscript/jerry-core/api/jerryscript.c:548:24
    #18 0x89cdc9 in jerryx_source_exec_script jerryscript/jerry-ext/util/sources.c:68:14
    #19 0x4c4d84 in main jerryscript/jerry-main/main-desktop.c:156:20
    #20 0x7f7250d6e0b2 in __libc_start_main /build/glibc-sMfBJT/glibc-2.31/csu/../csu/libc-start.c:308:16
    #21 0x41c53d in _start (jerryscript/build/bin/jerry+0x41c53d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: ABRT /build/glibc-sMfBJT/glibc-2.31/signal/../sysdeps/unix/sysv/linux/raise.c:51:1 in raise
==3268980==ABORTING
Backtrace
bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007ffff7c33859 in __GI_abort () at abort.c:79
#2  0x000000000089ef40 in jerry_port_fatal (code=JERRY_FATAL_FAILED_ASSERTION) at jerryscript/jerry-port/common/jerry-port-process.c:29
#3  0x000000000066b743 in jerry_fatal (code=JERRY_FATAL_FAILED_ASSERTION) at jerryscript/jerry-core/jrt/jrt-fatals.c:63
#4  0x000000000066b4db in jerry_assert_fail (assertion=0x8d8b00 <str> "!ecma_is_value_direct (x) || ecma_is_value_undefined (x) || ecma_is_value_null (x) || ecma_is_value_boolean (x) || ecma_is_value_integer_number (x)", file=0x8d89a0 <str> "jerryscript/jerry-core/ecma/operations/ecma-comparison.c", function=0x8d8bc0 <__func__.ecma_op_strict_equality_compare> "ecma_op_strict_equality_compare", line=256) at jerryscript/jerry-core/jrt/jrt-fatals.c:83
#5  0x00000000005c8bdb in ecma_op_strict_equality_compare (x=104, y=80) at jerryscript/jerry-core/ecma/operations/ecma-comparison.c:255
#6  0x0000000000741fcf in vm_loop (frame_ctx_p=0x7fffffffc820) at jerryscript/jerry-core/vm/vm.c:3642
#7  0x00000000007182da in vm_execute (frame_ctx_p=0x7fffffffc820) at jerryscript/jerry-core/vm/vm.c:5211
#8  0x0000000000715ba6 in vm_run (shared_p=0x7fffffffcb60, this_binding_value=104, lex_env_p=0x1290440 <jerry_global_heap+1472>) at jerryscript/jerry-core/vm/vm.c:5312
#9  0x00000000005ee8f9 in ecma_op_function_call_constructor (shared_args_p=0x7fffffffcb60, scope_p=0x1290440 <jerry_global_heap+1472>, this_binding=104) at jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1036
#10 0x00000000005e737e in ecma_op_function_call_simple (func_obj_p=0x1290370 <jerry_global_heap+1264>, this_binding=72, arguments_list_p=0x7fffffffd288, arguments_list_len=6) at jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1116
#11 0x00000000005e9556 in ecma_op_function_construct_simple (func_obj_p=0x1290370 <jerry_global_heap+1264>, new_target_p=0x1290370 <jerry_global_heap+1264>, arguments_list_p=0x7fffffffd288, arguments_list_len=6) at jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1492
#12 0x00000000005e9030 in ecma_op_function_construct (func_obj_p=0x1290370 <jerry_global_heap+1264>, new_target_p=0x1290370 <jerry_global_heap+1264>, arguments_list_p=0x7fffffffd288, arguments_list_len=6) at jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1713
#13 0x0000000000757b68 in opfunc_construct (frame_ctx_p=0x7fffffffd240) at jerryscript/jerry-core/vm/vm.c:840
#14 0x0000000000718421 in vm_execute (frame_ctx_p=0x7fffffffd240) at jerryscript/jerry-core/vm/vm.c:5236
#15 0x0000000000715ba6 in vm_run (shared_p=0x7fffffffd460, this_binding_value=11, lex_env_p=0x1290170 <jerry_global_heap+752>) at jerryscript/jerry-core/vm/vm.c:5312
#16 0x0000000000715600 in vm_run_global (bytecode_p=0x1290588 <jerry_global_heap+1800>, function_object_p=0x1290160 <jerry_global_heap+736>) at jerryscript/jerry-core/vm/vm.c:286
#17 0x00000000004cf99e in jerry_run (script=739) at jerryscript/jerry-core/api/jerryscript.c:548
#18 0x000000000089cdca in jerryx_source_exec_script (path_p=0x7fffffffde36 "/run/user/1001/fuzzinator/3261026/3268976-FileWriterDecorator-18db9a912f2a42289769603c9cc0ed7e/0.js") at jerryscript/jerry-ext/util/sources.c:68
#19 0x00000000004c4d85 in main (argc=2, argv=0x7fffffffdb08) at jerryscript/jerry-main/main-desktop.c:156

Found by Fuzzinator with grammarinator