Segmentation fault in mem_pools_alloc (from ecma_alloc_string)

[renatahodovan]

Jerry version:

Checked revision: e1c8a2e
Build: debug.linux

OS:

Ubuntu 15.10, x86_64

Test case:

try { new (this.$)(new (this.RegExp)().ignoreCase).$ ()  } catch($){}
try { new (this.String)() .constructor.prototype.match()  } catch($){}
try { this.RegExp().compile() } catch($){}
try { this.$(this.RegExp.prototype .compile (this.RegExp.prototype))  } catch($){}

Backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x000000000047a61d in mem_pools_alloc () at  jerryscript/jerry-core/mem/mem-poolman.c:147
147     mem_free_chunk_p = chunk_p->next_p;
(gdb) bt
#0   0x000000000047a61d in mem_pools_alloc () at  jerryscript/jerry-core/mem/mem-poolman.c:147
#1   0x000000000044a1ea in ecma_alloc_string () at  jerryscript/jerry-core/ecma/base/ecma-alloc.c:95
#2   0x000000000043bdc2 in ecma_new_ecma_string_from_magic_string_id (id=LIT_MAGIC_STRING_MULTILINE)
    at  jerryscript/jerry-core/ecma/base/ecma-helpers-string.c:315
#3   0x0000000000436ff2 in ecma_get_magic_string (id=LIT_MAGIC_STRING_MULTILINE)
    at  jerryscript/jerry-core/ecma/base/ecma-helpers-string.c:1416
#4   0x000000000042e83f in re_initialize_props (re_obj_p=0x8b3150 <mem_heap+208>, source_p=0x8b36f8 <mem_heap+1656>, flags=0)
    at  jerryscript/jerry-core/ecma/operations/ecma-regexp-object.c:189
#5   0x0000000000475e83 in ecma_builtin_regexp_prototype_compile (this_arg=211, pattern_arg=211, flags_arg=24)
    at  jerryscript/jerry-core/ecma/builtin-objects/ecma-builtin-regexp-prototype.c:149
#6   0x0000000000475a4e in ecma_builtin_regexp_prototype_dispatch_routine (builtin_routine_id=201, this_arg_value=211, arguments_list=0x7fffffffcb60, 
    arguments_number=1) at  jerryscript/jerry-core/ecma/builtin-objects/ecma-builtin-regexp-prototype.inc.h:90
#7   0x0000000000474be3 in ecma_builtin_dispatch_routine (builtin_object_id=ECMA_BUILTIN_ID_REGEXP_PROTOTYPE, builtin_routine_id=201, this_arg_value=211, 
    arguments_list=0x7fffffffcb60, arguments_number=1)
    at  jerryscript/jerry-core/ecma/builtin-objects/ecma-builtins.inc.h:163
#8   0x000000000047442c in ecma_builtin_dispatch_call (obj_p=0x8b3688 <mem_heap+1544>, this_arg_value=211, arguments_list_p=0x7fffffffcb60, 
    arguments_list_len=1) at  jerryscript/jerry-core/ecma/builtin-objects/ecma-builtins.c:531
#9   0x000000000043a430 in ecma_op_function_call (func_obj_p=0x8b3688 <mem_heap+1544>, this_arg_value=211, arguments_list_p=0x7fffffffcb60, 
    arguments_list_len=1) at  jerryscript/jerry-core/ecma/operations/ecma-function-object.c:649
#10  0x000000000047ad99 in opfunc_call.lto_priv.799 (frame_ctx_p=0x7fffffffcbc0) at  jerryscript/jerry-core/vm/vm.c:379
#11  0x000000000047a0f7 in vm_execute (frame_ctx_p=0x7fffffffcbc0, arg_p=0x0, arg_list_len=0)
    at  jerryscript/jerry-core/vm/vm.c:2504
#12  0x000000000047a1bf in vm_run_with_inline_stack.lto_priv.796 (frame_ctx_p=0x7fffffffcbc0, arg_p=0x0, arg_list_len=1)
    at  jerryscript/jerry-core/vm/vm.c:2540
#13  0x00000000004766d0 in vm_run (bytecode_header_p=0x8b3340 <mem_heap+704>, this_binding_value=35, lex_env_p=0x8b30b8 <mem_heap+56>, is_eval_code=false, 
    arg_list_p=0x0, arg_list_len=1) at  jerryscript/jerry-core/vm/vm.c:2614
#14  0x000000000047a9d2 in vm_run_global (error_value_p=0x7fffffffcca8) at  jerryscript/jerry-core/vm/vm.c:190
#15  0x000000000048194a in jerry_run (error_value_p=0x7fffffffce40) at  jerryscript/jerry-core/jerry.c:1748
#16  0x000000000047fbc2 in main (argc=2, argv=0x7fffffffd338) at  jerryscript/main-unix.c:511