jerryscript-project / jerryscript

Ultra-lightweight JavaScript engine for the Internet of Things.
https://jerryscript.net
Apache License 2.0

SEGV /jerryscript/jerry-core/parser/js/js-parser-expr.c:1997:11 in parser_parse_unary_expression #5150

Open Qbtly opened 3 months ago

Qbtly commented 3 months ago
Commit ID

2dbb6f79efa08767ce44fbc8e3f26e80649295d7

Build platform

Ubuntu 22.04.3

Build steps

python3 ./tools/build.py --builddir=xxx --clean --compile-flag=-fsanitize=address --compile-flag=-g --strip=off --lto=off --logging=on --line-info=on --error-message=on --stack-limit=20

Test case

class JSEtest {
  #async #async(x = 1) { "use strict" }
}

Execution steps

./jerry poc.js

Output

AddressSanitizer:DEADLYSIGNAL
=================================================================
==200353==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x0000007afb58 bp 0x7fffe0b4a1b0 sp 0x7fffe0b49e80 T0)
==200353==The signal is caused by a READ memory access.
==200353==Hint: address points to the zero page.
    #0 0x7afb58 in parser_parse_unary_expression /jerryscript/jerry-core/parser/js/js-parser-expr.c:1997:11
    #1 0x7afb58 in parser_parse_expression /jerryscript/jerry-core/parser/js/js-parser-expr.c:4118:9
    #2 0x64ad0d in parser_parse_function_arguments /jerryscript/jerry-core/parser/js/js-parser.c:1797:7
    #3 0x647b83 in parser_parse_function /jerryscript/jerry-core/parser/js/js-parser.c:2685:3
    #4 0x79eec2 in lexer_construct_function_object /jerryscript/jerry-core/parser/js/js-lexer.c:2695:23
    #5 0x7aa79e in parser_parse_class_body /jerryscript/jerry-core/parser/js/js-parser-expr.c:911:39
    #6 0x7aa79e in parser_parse_class /jerryscript/jerry-core/parser/js/js-parser-expr.c:1113:27
    #7 0x7dabc6 in parser_parse_statements /jerryscript/jerry-core/parser/js/js-parser-statm.c:2787:9
    #8 0x663433 in parser_parse_source /jerryscript/jerry-core/parser/js/js-parser.c:2280:5
    #9 0x6611ca in parser_parse_script /jerryscript/jerry-core/parser/js/js-parser.c:3332:38
    #10 0x4ec611 in jerry_parse_common /jerryscript/jerry-core/api/jerryscript.c:418:21
    #11 0x4ec23e in jerry_parse /jerryscript/jerry-core/api/jerryscript.c:486:10
    #12 0x80402d in jerryx_source_parse_script /jerryscript/jerry-ext/util/sources.c:52:26
    #13 0x80432c in jerryx_source_exec_script /jerryscript/jerry-ext/util/sources.c:63:26
    #14 0x4e0160 in main /jerryscript/jerry-main/main-desktop.c:156:20
    #15 0x7fc0d0047d8f  (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f)
    #16 0x7fc0d0047e3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e3f)
    #17 0x427fd4 in _start (/jerryscript/0805/bin/jerry+0x427fd4)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /jerryscript/jerry-core/parser/js/js-parser-expr.c:1997:11 in parser_parse_unary_expression
==200353==ABORTIN