jerryscript-project / jerryscript

Ultra-lightweight JavaScript engine for the Internet of Things.
https://jerryscript.net
Apache License 2.0

Segmentation Fault in release. Assertion 'context_p->source_p < context_p->source_end_p' failed in debug version #5105

Open anbu1024 opened 8 months ago

anbu1024 commented 8 months ago

JerryScript version 3.0.0: commit 05dbbd134c3b9e2482998f267857dd3722001cd7

Build platform: Ubuntu 20.04

Build cmd:

python tools/build.py --debug --profile=es.next --lto=off --compile-flag=-D_POSIX_C_SOURCE=200809 --compile-flag=-Wno-strict-prototypes --stack-limit=15

Test case

var a = new Uint16Array(Uint16Array, Uint16Array);
var b = `
    var o = {
        m(apple) {
            class Foo extends b {

                static {}

                512;

                static #m() {}
            }
            return apple;
        },
    };
`;

for (var [...i] of b) {
    i.splice(a, i);

    b += i;

    function bar() {
        return Uint16Array;
    }

    try { bar.constructor(b); } catch (e) {}
}

Error message:

SEGV on ASAN version

AddressSanitizer:DEADLYSIGNAL
=================================================================
==510031==ERROR: AddressSanitizer: SEGV on unknown address 0x000000005198 (pc 0x5618574bc04b bp 0x7ffd51997c50 sp 0x7ffd51997bb0 T0)
==510031==The signal is caused by a READ memory access.

Aborted with assertion error in debug version:

ICE: Assertion 'context_p->source_p < context_p->source_end_p' failed at /media/Store/JS-engines/jerryscript/jerryscript-pure/jerry-core/parser/js/js-lexer.c(lexer_consume_next_character):1821.
Error: JERRY_FATAL_FAILED_ASSERTION
Aborted (core dumped)