Description
JerryScript revision
Build platform
Linux-4.15.0-54-generic-x86_64-with-Ubuntu-18.04-bionic
Build steps
# Debug build of the engine instrumented with AddressSanitizer; the "Output" section
# below is that sanitizer's report.
# -m32 selects a 32-bit target (consistent with the i386 libc frames in the ASAN trace).
# --system-allocator=on switches the engine to the C library allocator -- presumably so
#   that ASAN can track individual allocations instead of one large engine-managed heap;
#   confirm against tools/build.py.
# --profile=es2015-subset enables the ES2015 built-ins (Set) that the test case uses.
./tools/build.py --clean --debug --compile-flag=-fsanitize=address \
--compile-flag=-m32 --compile-flag=-fno-omit-frame-pointer \
--compile-flag=-fno-common --compile-flag=-g \
--strip=off --system-allocator=on --logging=on \
--linker-flag=-fuse-ld=gold --error-messages=on --profile=es2015-subset
Test case
// Reproducer: one Set, an add() with no argument (per spec this inserts `undefined`),
// then a membership test with an object (array) key.
// Per the ASAN output below, the has() call crashes inside
// ecma_op_container_to_key -> ecma_find_named_property with a READ from the zero page
// (address 0x14): an engine-level invalid memory read, not a JS-visible exception.
// Keep the statements exactly as written; whether the argument-less add() is needed to
// trigger the crash is not established by this report.
var set = new Set()
set.add()
set.has([ 1 ])
Output
ASAN:DEADLYSIGNAL
=================================================================
==42448==ERROR: AddressSanitizer: SEGV on unknown address 0x00000014 (pc 0x566f1cfe bp 0xffc645b8 sp 0xffc644f0 T0)
==42448==The signal is caused by a READ memory access.
==42448==Hint: address points to the zero page.
#0 0x566f1cfd in ecma_find_named_property jerryscript/jerry-core/ecma/base/ecma-helpers.c:586
#1 0x56614ea8 in ecma_op_container_to_key jerryscript/jerry-core/ecma/operations/ecma-container-object.c:247
#2 0x566152fa in ecma_op_container_has jerryscript/jerry-core/ecma/operations/ecma-container-object.c:364
#3 0x56657a51 in ecma_builtin_set_prototype_object_has jerryscript/jerry-core/ecma/builtin-objects/ecma-builtin-set-prototype.c:115
#4 0x56657923 in ecma_builtin_set_prototype_dispatch_routine jerryscript/jerry-core/ecma/builtin-objects/ecma-builtin-set-prototype.inc.h:45
#5 0x566aaee3 in ecma_builtin_dispatch_routine jerryscript/jerry-core/ecma/builtin-objects/ecma-builtins.c:1025
#6 0x566ab144 in ecma_builtin_dispatch_call jerryscript/jerry-core/ecma/builtin-objects/ecma-builtins.c:1050
#7 0x566bd1dd in ecma_op_function_call jerryscript/jerry-core/ecma/operations/ecma-function-object.c:729
#8 0x566723a0 in opfunc_call jerryscript/jerry-core/vm/vm.c:581
#9 0x56683542 in vm_execute jerryscript/jerry-core/vm/vm.c:3618
#10 0x56683e46 in vm_run jerryscript/jerry-core/vm/vm.c:3738
#11 0x56671637 in vm_run_global jerryscript/jerry-core/vm/vm.c:282
#12 0x566cae25 in jerry_run jerryscript/jerry-core/api/jerry.c:570
#13 0x566c7789 in main jerryscript/jerry-main/main-unix.c:743
#14 0xf7774e80 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x18e80)
#15 0x565f55a0 (jerryscript/build_gcc_asan_es2015/bin/jerry+0x165a0)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV jerryscript/jerry-core/ecma/base/ecma-helpers.c:586 in ecma_find_named_property
==42448==ABORTING
Backtrace
bt
#0 0x56667cfe in ecma_find_named_property (obj_p=0xf5f00460, name_p=0x27cd) at jerryscript/jerry-core/ecma/base/ecma-helpers.c:586
#1 0x5658aea9 in ecma_op_container_to_key (key_arg=4126147683) at jerryscript/jerry-core/ecma/operations/ecma-container-object.c:247
#2 0x5658b2fb in ecma_op_container_has (this_arg=4126148403, key_arg=4126147683, lit_id=LIT_MAGIC_STRING_SET_UL) at jerryscript/jerry-core/ecma/operations/ecma-container-object.c:364
#3 0x565cda52 in ecma_builtin_set_prototype_object_has (this_arg=4126148403, value_arg=4126147683) at jerryscript/jerry-core/ecma/builtin-objects/ecma-builtin-set-prototype.c:115
#4 0x565cd924 in ecma_builtin_set_prototype_dispatch_routine (builtin_routine_id=75, this_arg_value=4126148403, arguments_list=0xffffc4d0, arguments_number=2) at jerryscript/jerry-core/ecma/builtin-objects/ecma-builtin-set-prototype.inc.h:45
#5 0x56620ee4 in ecma_builtin_dispatch_routine (builtin_object_id=ECMA_BUILTIN_ID_SET_PROTOTYPE, builtin_routine_id=75, this_arg_value=4126148403, arguments_list_p=0xffffc4d0, arguments_list_len=2) at jerryscript/jerry-core/ecma/builtin-objects/ecma-builtins.c:1025
#6 0x56621145 in ecma_builtin_dispatch_call (obj_p=0xf5f00670, this_arg_value=4126148403, arguments_list_p=0xffffc770, arguments_list_len=2) at jerryscript/jerry-core/ecma/builtin-objects/ecma-builtins.c:1050
#7 0x566331de in ecma_op_function_call (func_obj_p=0xf5f00670, this_arg_value=4126148403, arguments_list_p=0xffffc770, arguments_list_len=2) at jerryscript/jerry-core/ecma/operations/ecma-function-object.c:729
#8 0x565e83a1 in opfunc_call (frame_ctx_p=0xffffc7e0) at jerryscript/jerry-core/vm/vm.c:581
#9 0x565f9543 in vm_execute (frame_ctx_p=0xffffc7e0, arg_p=0x0, arg_list_len=0) at jerryscript/jerry-core/vm/vm.c:3618
#10 0x565f9e47 in vm_run (bytecode_header_p=0xf4f03c00, this_binding_value=4126149459, lex_env_p=0xf5d007b0, parse_opts=0, arg_list_p=0x0, arg_list_len=0) at jerryscript/jerry-core/vm/vm.c:3738
#11 0x565e7638 in vm_run_global (bytecode_p=0xf4f03c00) at jerryscript/jerry-core/vm/vm.c:282
#12 0x56640e26 in jerry_run (func_val=4126148787) at jerryscript/jerry-core/api/jerry.c:570
#13 0x5663d78a in main (argc=3, argv=0xffffcc14) at jerryscript/jerry-main/main-unix.c:743
Found by Fuzzinator with grammarinator.