jerryscript-project / jerryscript

Ultra-lightweight JavaScript engine for the Internet of Things.
https://jerryscript.net
Apache License 2.0

SEGV /jerryscript/jerry-core/vm/vm.c:1648:55 in vm_loop #5114

Closed Qbtly closed 2 weeks ago

Qbtly commented 7 months ago
JerryScript revision

ff9ff8f36c967890b5ebb240d9fa90d6e351aa01

Build platform

Ubuntu 22.04.3

Build steps
python ./tools/build.py --builddir=xxx --clean --debug --compile-flag=-fsanitize=address --compile-flag=-g --strip=off --lto=off --logging=on --line-info=on --error-message=on --stack-limit=20
Test case
function JSEtest() {
    var a;
    for (a[a = class b { }] = [ this ]; ;)
        break;
}
with (JSEtest) {
    for (const a = 0; a < 130; a++) {
        try {
            while (a < 3) {
                var c = class extends constructor { static { } ; } ;
            }
        } catch (err) { }
    }
}
Execution steps
./xxx/bin/jerry poc.js
Output (Debug)
ICE: Assertion 'block_found' failed at /jerryscript/jerry-core/parser/js/js-parser-statm.c(parser_parse_try_statement_end):1922.
Error: JERRY_FATAL_FAILED_ASSERTION
Aborted
Backtrace
Program received signal SIGABRT, Aborted.
__pthread_kill_implementation (no_tid=0, signo=6, threadid=140737350406336) at ./nptl/pthread_kill.c:44
44  ./nptl/pthread_kill.c: No such file or directory.
(gdb) bt
#0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=140737350406336) at ./nptl/pthread_kill.c:44
#1  __pthread_kill_internal (signo=6, threadid=140737350406336) at ./nptl/pthread_kill.c:78
#2  __GI___pthread_kill (threadid=140737350406336, signo=signo@entry=6) at ./nptl/pthread_kill.c:89
#3  0x00007ffff7cb4476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#4  0x00007ffff7c9a7f3 in __GI_abort () at ./stdlib/abort.c:79
#5  0x00005555558742f5 in jerry_port_fatal (code=code@entry=JERRY_FATAL_FAILED_ASSERTION) at /jerryscript/jerry-port/common/jerry-port-process.c:29
#6  0x00005555557623b8 in jerry_fatal (code=code@entry=JERRY_FATAL_FAILED_ASSERTION) at /jerryscript/jerry-core/jrt/jrt-fatals.c:63
#7  0x000055555576226c in jerry_assert_fail (assertion=<optimized out>, file=<optimized out>, function=<optimized out>, line=line@entry=1922) at /jerryscript/jerry-core/jrt/jrt-fatals.c:83
#8  0x000055555586106c in parser_parse_try_statement_end (context_p=0x7fffffffdd20) at /jerryscript/jerry-core/parser/js/js-parser-statm.c:1922
#9  parser_parse_statements (context_p=0x7fffffffdd20) at /jerryscript/jerry-core/parser/js/js-parser-statm.c:3132
#10 0x000055555577c016 in parser_parse_source (source_p=source_p@entry=0x7ffff5e00aa0, parse_opts=parse_opts@entry=0, options_p=options_p@entry=0x7ffff5f00830)
    at /jerryscript/jerry-core/parser/js/js-parser.c:2280
#11 0x000055555577a391 in parser_parse_script (source_p=0x3ad128, source_p@entry=0x7ffff5e00aa0, parse_opts=3854632, parse_opts@entry=0, options_p=0x6, options_p@entry=0x7ffff5f00830)
    at /jerryscript/jerry-core/parser/js/js-parser.c:3326
#12 0x000055555568d3ca in jerry_parse_common (source_p=0x7ffff5e00aa0, options_p=options_p@entry=0x7ffff5f00830, parse_opts=parse_opts@entry=0) at /jerryscript/jerry-core/api/jerryscript.c:412
#13 0x000055555568d22c in jerry_parse (source_p=<optimized out>, source_size=<optimized out>, options_p=<optimized out>) at /jerryscript/jerry-core/api/jerryscript.c:480
#14 0x0000555555872962 in jerryx_source_parse_script (path_p=<optimized out>) at /jerryscript/jerry-ext/util/sources.c:52
#15 0x0000555555872b54 in jerryx_source_exec_script (path_p=0x3ad128 <error: Cannot access memory at address 0x3ad128>) at /jerryscript/jerry-ext/util/sources.c:63
#16 0x00005555556860bc in main (argc=<optimized out>, argv=<optimized out>) at /jerryscript/jerry-main/main-desktop.c:156
Output (Release)
Program received signal SIGSEGV, Segmentation fault.
AddressSanitizer:DEADLYSIGNAL
=================================================================
==3586260==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000004 (pc 0x55eb8a697df2 bp 0x7ffc5c8bad00 sp 0x7ffc5c8bab00 T0)
==3586260==The signal is caused by a WRITE memory access.
==3586260==Hint: address points to the zero page.
    #0 0x55eb8a697df2 in vm_loop /jerryscript/jerry-core/vm/vm.c:1648:55
    #1 0x55eb8a68d287 in vm_execute /jerryscript/jerry-core/vm/vm.c:5211:37
    #2 0x55eb8a68c1a1 in vm_run /jerryscript/jerry-core/vm/vm.c:5312:10
    #3 0x55eb8a68bec8 in vm_run_global /jerryscript/jerry-core/vm/vm.c:286:25
    #4 0x55eb8a5ba4c6 in jerry_run /jerryscript/jerry-core/api/jerryscript.c:554:24
    #5 0x55eb8a71f984 in jerryx_source_exec_script /jerryscript/jerry-ext/util/sources.c:68:14
    #6 0x55eb8a5b55b2 in main /jerryscript/jerry-main/main-desktop.c:156:20
    #7 0x7f9cc50f9d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #8 0x7f9cc50f9e3f in __libc_start_main csu/../csu/libc-start.c:392:3
    #9 0x55eb8a4f5424 in _start (/jerryscript/0323re/bin/jerry+0x41424) (BuildId: efa40b4121fb9ed9276f89fc661eef85c730ab65)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /jerryscript/jerry-core/vm/vm.c:1648:55 in vm_loop
==3586260==ABORTING
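A small triage helper, added here as an example and not part of the issue or of the JerryScript project: it parses the two report flavours shown above (the AddressSanitizer SEGV report from the release build and the `ICE: Assertion ... failed` line from the debug build) into one normalised crash signature, so that fuzzer findings can be deduplicated by innermost frames rather than by raw addresses, and so that a write to a near-null address is flagged as a null-pointer dereference. The sample inputs are copied from this issue's output; the class and function names (`CrashSignature`, `triage`, and so on) are my own and not JerryScript API.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample inputs, copied from the crash output in this issue.
ASAN_REPORT = """\
==3586260==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000004 (pc 0x55eb8a697df2 bp 0x7ffc5c8bad00 sp 0x7ffc5c8bab00 T0)
==3586260==The signal is caused by a WRITE memory access.
==3586260==Hint: address points to the zero page.
    #0 0x55eb8a697df2 in vm_loop /jerryscript/jerry-core/vm/vm.c:1648:55
    #1 0x55eb8a68d287 in vm_execute /jerryscript/jerry-core/vm/vm.c:5211:37
    #2 0x55eb8a68c1a1 in vm_run /jerryscript/jerry-core/vm/vm.c:5312:10
    #3 0x55eb8a68bec8 in vm_run_global /jerryscript/jerry-core/vm/vm.c:286:25
    #4 0x55eb8a5ba4c6 in jerry_run /jerryscript/jerry-core/api/jerryscript.c:554:24
    #5 0x55eb8a71f984 in jerryx_source_exec_script /jerryscript/jerry-ext/util/sources.c:68:14
    #6 0x55eb8a5b55b2 in main /jerryscript/jerry-main/main-desktop.c:156:20
    #9 0x55eb8a4f5424 in _start (/jerryscript/0323re/bin/jerry+0x41424) (BuildId: efa40b4121fb9ed9276f89fc661eef85c730ab65)
SUMMARY: AddressSanitizer: SEGV /jerryscript/jerry-core/vm/vm.c:1648:55 in vm_loop
"""

ICE_REPORT = """\
ICE: Assertion 'block_found' failed at /jerryscript/jerry-core/parser/js/js-parser-statm.c(parser_parse_try_statement_end):1922.
Error: JERRY_FATAL_FAILED_ASSERTION
Aborted
"""

# "SEGV on unknown address 0x..." and "heap-buffer-overflow on address 0x..."
ASAN_HEADER = re.compile(r"ERROR: AddressSanitizer: (\S+) on (?:unknown )?address (0x[0-9a-fA-F]+)")
# SEGV reports say "caused by a WRITE memory access"; heap reports say "WRITE of size N".
ASAN_ACCESS = re.compile(r"caused by a (READ|WRITE) memory access|(READ|WRITE) of size \d+")
# Symbolised frame with file:line[:col]; frames like "_start (binary+0x...)" are skipped.
ASAN_FRAME = re.compile(r"^\s*#(\d+)\s+0x[0-9a-fA-F]+\s+in\s+(\S+)\s+(.+?):(\d+)(?::(\d+))?\s*$")
# JerryScript debug-build assertion line: file(function):line
ICE_LINE = re.compile(r"ICE: Assertion '([^']+)' failed at (\S+?)\(([^)]+)\):(\d+)")


@dataclass
class Frame:
    index: int
    function: str
    file: str
    line: int


@dataclass
class CrashSignature:
    kind: str                        # "SEGV", "heap-buffer-overflow", "ASSERT:<expr>", ...
    top_function: str
    location: str                    # file:line of the faulting frame
    access: Optional[str] = None     # "READ" / "WRITE" when the report states it
    address: Optional[int] = None
    frames: List[Frame] = field(default_factory=list)

    @property
    def near_null(self) -> bool:
        # A fault inside the first page is a null-pointer dereference (a missing
        # check on an unset pointer) rather than an out-of-bounds access.
        return self.address is not None and self.address < 0x1000

    @property
    def stack_hash_key(self) -> str:
        # Dedup key: kind plus the three innermost frames. Ignoring addresses
        # keeps the key stable across ASLR, rebuilds and BuildId changes.
        funcs = [f.function for f in self.frames[:3]] or [self.top_function]
        return f"{self.kind}@" + "|".join(funcs)


def parse_asan(text: str) -> Optional[CrashSignature]:
    header = ASAN_HEADER.search(text)
    if not header:
        return None
    kind, address = header.group(1), int(header.group(2), 16)
    access = None
    m = ASAN_ACCESS.search(text)
    if m:
        access = m.group(1) or m.group(2)
    frames = []
    for line in text.splitlines():
        fm = ASAN_FRAME.match(line)
        if fm:
            frames.append(Frame(int(fm.group(1)), fm.group(2), fm.group(3), int(fm.group(4))))
    if not frames:
        return None
    top = frames[0]
    return CrashSignature(kind=kind, top_function=top.function,
                          location=f"{top.file}:{top.line}",
                          access=access, address=address, frames=frames)


def parse_ice(text: str) -> Optional[CrashSignature]:
    m = ICE_LINE.search(text)
    if not m:
        return None
    assertion, file, func, line = m.group(1), m.group(2), m.group(3), int(m.group(4))
    return CrashSignature(kind="ASSERT:" + assertion, top_function=func,
                          location=f"{file}:{line}", frames=[Frame(0, func, file, line)])


def triage(text: str) -> Optional[CrashSignature]:
    """Recognise either report flavour and return a normalised signature, or None."""
    return parse_asan(text) or parse_ice(text)


if __name__ == "__main__":
    for report in (ASAN_REPORT, ICE_REPORT):
        sig = triage(report)
        print(sig.stack_hash_key, sig.location, sig.access, "near-null" if sig.near_null else "")
```

Running the two reports through `triage` yields different keys (`SEGV@vm_loop|vm_execute|vm_run` for the release build, `ASSERT:block_found@parser_parse_try_statement_end` for the debug build), which is exactly why a crash like this one should be keyed on the debug-build assertion: the release build only reports where the bad state is finally consumed in the interpreter loop, while the assertion pinpoints the parser step that produced it.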