
Assertion uint_ptr % JMEM_ALIGNMENT == 0 in jmem_decompress_pointer #3046

Closed
@renatahodovan

Description

@renatahodovan
JerryScript revision

e79059c

Build platform

Linux-4.15.0-54-generic-x86_64-with-Ubuntu-18.04-bionic

Build steps
# Clean 32-bit (-m32) debug build with AddressSanitizer, frame pointers and
# debug symbols kept (-g, --strip=off), the system allocator, logging and
# error messages on, linked with gold, using the es2015-subset profile.
# NOTE(review): the reported failure is an internal assertion in this --debug
# build; how a non-debug build treats the same input is not shown here.
./tools/build.py --clean --debug --compile-flag=-fsanitize=address \
--compile-flag=-m32 --compile-flag=-fno-omit-frame-pointer \
--compile-flag=-fno-common --compile-flag=-g \
--strip=off --system-allocator=on --logging=on \
--linker-flag=-fuse-ld=gold --error-messages=on --profile=es2015-subset
Test case
// Reproducer: Map.prototype.set is called with a single argument, an array
// literal holding one non-integer number, so the key is an object and no
// value argument is passed.
var map = new Map()
map.set([ 1.5 ])
Output
ICE: Assertion 'uint_ptr % JMEM_ALIGNMENT == 0' failed at jerryscript/jerry-core/jmem/jmem-allocator.c(jmem_decompress_pointer):222.
Error: ERR_FAILED_INTERNAL_ASSERTION
Backtrace
bt
#0  0xf7fd5059 in __kernel_vsyscall ()
#1  0xf77fc832 in raise () from /lib/i386-linux-gnu/libc.so.6
#2  0xf77fdcc1 in abort () from /lib/i386-linux-gnu/libc.so.6
#3  0x5657ac87 in jerry_port_fatal (code=ERR_FAILED_INTERNAL_ASSERTION) at jerryscript/jerry-port/default/default-fatal.c:71
#4  0x566173a1 in jerry_fatal (code=ERR_FAILED_INTERNAL_ASSERTION) at jerryscript/jerry-core/jrt/jrt-fatals.c:58
#5  0x566173e2 in jerry_assert_fail (assertion=0x566aa580 "uint_ptr % JMEM_ALIGNMENT == 0", file=0x566aa460 "jerryscript/jerry-core/jmem/jmem-allocator.c", function=0x5667e180 <__func__.4606.lto_priv.499> "jmem_decompress_pointer", line=222) at jerryscript/jerry-core/jrt/jrt-fatals.c:82
#6  0x5661654b in jmem_decompress_pointer (compressed_pointer=4124051090) at jerryscript/jerry-core/jmem/jmem-allocator.c:222
#7  0x5666e0b4 in ecma_property_hashmap_find (hashmap_p=0xf5f006a0, name_p=0x27cd, property_real_name_cp=0xffffc030) at jerryscript/jerry-core/ecma/base/ecma-property-hashmap.c:422
#8  0x56667a7b in ecma_find_named_property (obj_p=0xf5f006d0, name_p=0x27cd) at jerryscript/jerry-core/ecma/base/ecma-helpers.c:554
#9  0x5658aea9 in ecma_op_container_to_key (key_arg=4126148307) at jerryscript/jerry-core/ecma/operations/ecma-container-object.c:247
#10 0x5658b431 in ecma_op_container_set (this_arg=4126148595, key_arg=4126148307, value_arg=72, lit_id=LIT_MAGIC_STRING_MAP_UL) at jerryscript/jerry-core/ecma/operations/ecma-container-object.c:395
#11 0x565c20e8 in ecma_builtin_map_prototype_object_set (this_arg=4126148595, key_arg=4126148307, value_arg=72) at jerryscript/jerry-core/ecma/builtin-objects/ecma-builtin-map-prototype.c:132
#12 0x565c1f97 in ecma_builtin_map_prototype_dispatch_routine (builtin_routine_id=76, this_arg_value=4126148595, arguments_list=0xffffc1f0, arguments_number=1) at jerryscript/jerry-core/ecma/builtin-objects/ecma-builtin-map-prototype.inc.h:46
#13 0x56620ee4 in ecma_builtin_dispatch_routine (builtin_object_id=ECMA_BUILTIN_ID_MAP_PROTOTYPE, builtin_routine_id=76, this_arg_value=4126148595, arguments_list_p=0xffffc1f0, arguments_list_len=1) at jerryscript/jerry-core/ecma/builtin-objects/ecma-builtins.c:1025
#14 0x56621145 in ecma_builtin_dispatch_call (obj_p=0xf5f00760, this_arg_value=4126148595, arguments_list_p=0xffffc498, arguments_list_len=1) at jerryscript/jerry-core/ecma/builtin-objects/ecma-builtins.c:1050
#15 0x566331de in ecma_op_function_call (func_obj_p=0xf5f00760, this_arg_value=4126148595, arguments_list_p=0xffffc498, arguments_list_len=1) at jerryscript/jerry-core/ecma/operations/ecma-function-object.c:729
#16 0x565e83a1 in opfunc_call (frame_ctx_p=0xffffc510) at jerryscript/jerry-core/vm/vm.c:581
#17 0x565f9543 in vm_execute (frame_ctx_p=0xffffc510, arg_p=0xffffc764, arg_list_len=1) at jerryscript/jerry-core/vm/vm.c:3618
#18 0x565f9e47 in vm_run (bytecode_header_p=0xf5101ad0, this_binding_value=4126149459, lex_env_p=0xf5d007b0, parse_opts=0, arg_list_p=0xffffc764, arg_list_len=1) at jerryscript/jerry-core/vm/vm.c:3738
#19 0x5663353f in ecma_op_function_call (func_obj_p=0xf5f008b0, this_arg_value=72, arguments_list_p=0xffffc764, arguments_list_len=1) at jerryscript/jerry-core/ecma/operations/ecma-function-object.c:807
#20 0x565e83a1 in opfunc_call (frame_ctx_p=0xffffc7e0) at jerryscript/jerry-core/vm/vm.c:581
#21 0x565f9543 in vm_execute (frame_ctx_p=0xffffc7e0, arg_p=0x0, arg_list_len=0) at jerryscript/jerry-core/vm/vm.c:3618
#22 0x565f9e47 in vm_run (bytecode_header_p=0xf4f00f50, this_binding_value=4126149459, lex_env_p=0xf5d007b0, parse_opts=0, arg_list_p=0x0, arg_list_len=0) at jerryscript/jerry-core/vm/vm.c:3738
#23 0x565e7638 in vm_run_global (bytecode_p=0xf4f00f50) at jerryscript/jerry-core/vm/vm.c:282
#24 0x56640e26 in jerry_run (func_val=4126148835) at jerryscript/jerry-core/api/jerry.c:570
#25 0x5663d78a in main (argc=3, argv=0xffffcc14) at jerryscript/jerry-main/main-unix.c:743

Found by Fuzzinator with grammarinator.

    Labels: bug (Undesired behaviour), ecma core (Related to core ECMA functionality)
