Status: Open
Labels: bug (Undesired behaviour), fuzzing (Related to fuzz testing of the engine), parser (Related to the JavaScript parser)
Description
JerryScript revision
Commit: 05dbbd1
Version: v3.0.0
Build platform
Ubuntu 20.04.5 LTS (Linux 5.4.0-144-generic x86_64)
Build steps
python ./tools/build.py --clean --debug --compile-flag=-m32 --compile-flag=-fno-omit-frame-pointer --compile-flag=-fno-common --compile-flag=-fsanitize=address --compile-flag=-g --strip=off --lto=off --error-messages=on --system-allocator=on --logging=on --line-info=on --stack-limit=20
Test case
// poc.js
async ( v1 = eval ( " " ) ) => { " use strict " ; eval ( " " ) ; }
Execution steps & Output
$ ./jerryscript/build/bin/jerry poc.js
ICE: Assertion 'context_p->stack_depth <= 1' failed at jerryscript/jerry-core/parser/js/js-parser-statm.c(parser_parse_statements):2621.
Error: JERRY_FATAL_FAILED_ASSERTION
Aborted
Backtrace
#0 0xf7ef4549 in __kernel_vsyscall ()
#1 0xf7bb7416 in raise () from /lib/i386-linux-gnu/libc.so.6
#2 0xf7b9f3f7 in abort () from /lib/i386-linux-gnu/libc.so.6
#3 0x0844315a in jerry_port_fatal (code=JERRY_FATAL_FAILED_ASSERTION)
at jerryscript/jerry-port/common/jerry-port-process.c:29
#4 0x0827f2e5 in jerry_fatal (code=JERRY_FATAL_FAILED_ASSERTION)
at jerryscript/jerry-core/jrt/jrt-fatals.c:63
#5 0x0827f337 in jerry_assert_fail (
assertion=0x84cf680 <str> "context_p->stack_depth <= 1",
file=0x84cf5c0 <str> "jerryscript/jerry-core/parser/js/js-parser-statm.c",
function=0x84cf640 <__func__.parser_parse_statements> "parser_parse_statements", line=2621)
at jerryscript/jerry-core/jrt/jrt-fatals.c:83
#6 0x08422aea in parser_parse_statements (context_p=<optimized out>)
at jerryscript/jerry-core/parser/js/js-parser-statm.c:2621
#7 0x082a0cd5 in parser_parse_arrow_function (context_p=<optimized out>,
status_flags=<optimized out>)
at jerryscript/jerry-core/parser/js/js-parser.c:2838
#8 0x083d5570 in lexer_construct_function_object (context_p=0xffa5d050,
extra_status_flags=106498)
at jerryscript/jerry-core/parser/js/js-lexer.c:2699
#9 0x083fac8d in parser_parse_function_expression (context_p=<optimized out>,
status_flags=<optimized out>)
at jerryscript/jerry-core/parser/js/js-parser-expr.c:1640
#10 0x083efe62 in parser_parse_unary_expression (context_p=<optimized out>,
grouping_level_p=<optimized out>)
at jerryscript/jerry-core/parser/js/js-parser-expr.c:2030
#11 parser_parse_expression (context_p=<optimized out>,
options=<optimized out>)
at jerryscript/jerry-core/parser/js/js-parser-expr.c:4115
#12 0x083f523e in parser_parse_block_expression (context_p=0xffa5d050,
options=0)
at jerryscript/jerry-core/parser/js/js-parser-expr.c:4065
#13 0x08415860 in parser_parse_statements (context_p=<optimized out>)
at jerryscript/jerry-core/parser/js/js-parser-statm.c:3079
#14 0x082a6c48 in parser_parse_source (source_p=<optimized out>,
parse_opts=<optimized out>, options_p=0xffa5d420)
at jerryscript/jerry-core/parser/js/js-parser.c:2280
#15 0x082a41f7 in parser_parse_script (source_p=0xffa5d350, parse_opts=0,
options_p=0xffa5d420)
at jerryscript/jerry-core/parser/js/js-parser.c:3326
#16 0x0812e222 in jerry_parse_common (source_p=<optimized out>,
options_p=<optimized out>, parse_opts=<optimized out>)
at jerryscript/jerry-core/api/jerryscript.c:412
#17 0x0812dd5d in jerry_parse (source_p=<optimized out>,
source_size=<optimized out>, options_p=<optimized out>)
at jerryscript/jerry-core/api/jerryscript.c:480
#18 0x0844099f in jerryx_source_parse_script (path_p=<optimized out>)
at jerryscript/jerry-ext/util/sources.c:52
#19 0x08440d03 in jerryx_source_exec_script (path_p=0xffa5e089 "poc.js")
at jerryscript/jerry-ext/util/sources.c:63
#20 0x08121609 in main (argc=<optimized out>, argv=<optimized out>)
at jerryscript/jerry-main/main-desktop.c:156
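As an added example, not part of the issue report or of the JerryScript code base: the snippet below shows how a conforming engine (Node.js running V8) treats the poc.js source at parse time. The ECMAScript early-error rules make a "use strict" directive a SyntaxError in any function whose parameter list is not simple (a default initializer such as `v1 = eval("")` makes it non-simple), so the expected outcome for the test case is a SyntaxError reported to the caller, not an engine-internal assertion. The variants are constructed for this example: the test case as printed here (with spaces inside the string literal, which makes it an ordinary expression statement rather than a directive), the same source without the spaces, and controls that drop either the directive or the default parameter.

```javascript
// Added example (not from the issue or the JerryScript project): classify how a
// conforming JavaScript engine (here Node's V8) treats a source text at parse time.
// Returns "ok" when the text parses, "SyntaxError" when an early error is raised,
// and the error name otherwise. Indirect eval parses the text as a Script; every
// input below only creates an async arrow function and never calls it, so nothing
// beyond parsing actually executes.
function parseOutcome(src) {
  try {
    (0, eval)(src);  // indirect eval: global scope, parsed as a Script
    return "ok";
  } catch (e) {
    return e instanceof SyntaxError ? "SyntaxError" : e.name;
  }
}

// Constructed variants of the issue's poc.js. Per the ECMAScript early-error rule
// ("use strict" is a Syntax Error in a function whose parameter list is not
// simple), a conforming engine must reject `directive` before running anything.
const variants = {
  // the test case as printed in the issue: inner spaces mean this string is an
  // ordinary expression statement, not a "use strict" directive
  asPrinted: 'async ( v1 = eval ( " " ) ) => { " use strict " ; eval ( " " ) ; }',
  // default-parameter initializer + real strict directive in the body
  directive: 'async (v1 = eval("")) => { "use strict"; eval(""); }',
  // same, as a non-async arrow: the rule does not depend on async
  plainArrow: '(v1 = eval("")) => { "use strict"; eval(""); }',
  // simple parameter list: the directive is allowed
  simpleParams: 'async (v1) => { "use strict"; eval(""); }',
  // non-simple parameters but no directive: allowed
  noDirective: 'async (v1 = eval("")) => { eval(""); }',
};

// Run every variant through parseOutcome and return a name -> outcome map.
function classifyAll(table) {
  const out = {};
  for (const [name, src] of Object.entries(table)) {
    out[name] = parseOutcome(src);
  }
  return out;
}

if (typeof require !== "undefined" && require.main === module) {
  console.table(classifyAll(variants));
}
```

Running it prints one row per variant; only `directive` and `plainArrow` are rejected, and they are rejected with a catchable SyntaxError rather than an abort. That is the reference behaviour a release build of any engine should match for this input, assertion-enabled or not.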