Description
Seemingly infinite loop while trying to convert a string representing an exponential number to a number.
On Ubuntu 16.04.2:
$ python tools/build.py --compile-flag=-m32 --clean --jerry-libc=OFF --system-allocator ON --compile-flag=-ggdb3 --debug --link-lib mcheck
$ cat hang.js
777E7777777777-----00,');
$ MALLOC_CHECK_=1 gdb -q -x mcheck.gdb --args ./build/bin/jerry hang.js
Reading symbols from ./build/bin/jerry...done.
Breakpoint 1 at 0x80ac9a8: file /afl/jerryscript/jerry-main/main-unix.c, line 410.
Breakpoint 1, main (argc=0x2, argv=0xffffd644) at /afl/jerryscript/jerry-main/main-unix.c:410
410 {
$1 = 0x0
^C
Program received signal SIGINT, Interrupt.
0x080a049f in ecma_utf8_string_to_number (str_p=0x8178240 <buffer.lto_priv> "777E7777777777-----00,');\n", str_size=0xe) at /afl/jerryscript/jerry-core/ecma/base/ecma-helpers-conversion.c:694
694 ECMA_NUMBER_CONVERSION_128BIT_INTEGER_DIV_10 (fraction_uint128);
(gdb) shell date
Fri Aug 18 13:57:58 PDT 2017
(gdb) c
Continuing.
^C
Program received signal SIGINT, Interrupt.
0x080a1097 in ecma_utf8_string_to_number (str_p=0x8178240 <buffer.lto_priv> "777E7777777777-----00,');\n", str_size=0xe) at /afl/jerryscript/jerry-core/ecma/base/ecma-helpers-conversion.c:694
694 ECMA_NUMBER_CONVERSION_128BIT_INTEGER_DIV_10 (fraction_uint128);
(gdb) shell date
Fri Aug 18 13:58:31 PDT 2017
(gdb) where
#0 0x080a1097 in ecma_utf8_string_to_number (str_p=0x8178240 <buffer.lto_priv> "777E7777777777-----00,');\n", str_size=0xe)
at /afl/jerryscript/jerry-core/ecma/base/ecma-helpers-conversion.c:694
#1 0x080549cc in lexer_construct_number_object (context_p=0xffffd268, push_number_allowed=0x1, is_negative_number=0x0) at /afl/jerryscript/jerry-core/parser/js/js-lexer.c:1540
#2 0x0805263e in parser_parse_unary_expression.lto_priv.139 (context_p=0xffffd268, grouping_level_p=0xffffd1a0) at /afl/jerryscript/jerry-core/parser/js/js-parser-expr.c:529
#3 0x0804c242 in parser_parse_expression (context_p=0xffffd268, options=0x2) at /afl/jerryscript/jerry-core/parser/js/js-parser-expr.c:1363
#4 0x08058f70 in parser_parse_statements (context_p=0xffffd268) at /afl/jerryscript/jerry-core/parser/js/js-parser-statm.c:1981
#5 0x08089b77 in parser_parse_source.lto_priv.433 (source_p=0x8178240 <buffer.lto_priv> "777E7777777777-----00,');\n", size=0x1a, strict_mode=0x0, error_location_p=0xffffd3d4)
at /afl/jerryscript/jerry-core/parser/js/js-parser.c:2042
#6 0x080831a5 in parser_parse_script (source_p=0x8178240 <buffer.lto_priv> "777E7777777777-----00,');\n", size=0x1a, is_strict=0x0, bytecode_data_p=0xffffd410)
at /afl/jerryscript/jerry-core/parser/js/js-parser.c:2496
#7 0x080ae1ad in jerry_parse (source_p=0x8178240 <buffer.lto_priv> "777E7777777777-----00,');\n", source_size=0x1a, is_strict=0x0) at /afl/jerryscript/jerry-core/api/jerry.c:326
#8 0x080ae24d in jerry_parse_named_resource (name_p=0xffffd7bf "hang.js", name_length=0x7, source_p=0x8178240 <buffer.lto_priv> "777E7777777777-----00,');\n", source_size=0x1a, is_strict=0x0)
at /afl/jerryscript/jerry-core/api/jerry.c:381
#9 0x080ad197 in main (argc=0x2, argv=0xffffd644) at /afl/jerryscript/jerry-main/main-unix.c:682
(gdb)
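The two interrupts above, half a minute apart, both land in the 128-bit divide-by-10 step of `ecma_utf8_string_to_number` on a 14-byte token whose exponent is 7777777777: the scaling work is proportional to the exponent digits the input supplies. The following is an added illustration, not JerryScript code, of a decimal-literal scanner that clamps the exponent before scaling, so the loop is bounded by the range of a double rather than by the input; the function name `parse_decimal_literal` and the `EXP_CLAMP` value are assumptions.

```c
#include <ctype.h>
#include <math.h>
#include <stdbool.h>
#include <stddef.h>

/* Constructed example, not JerryScript's ecma_utf8_string_to_number: a scanner
 * for digits[.digits][(e|E)[+|-]digits] whose power-of-ten scaling is bounded.
 * A double holds nothing beyond about 1e308, so exponents past EXP_CLAMP are
 * saturated and the scaling loop runs at most EXP_CLAMP times (777E7777777777 included). */
#define EXP_CLAMP 400
bool parse_decimal_literal (const char *str, size_t len, double *out)
{
  size_t i = 0;
  double mantissa = 0.0;
  long exp10 = 0;                 /* net power of ten still to apply */
  bool saw_digit = false, seen_point = false;
  for (; i < len; i++)
  {
    if (str[i] == '.' && !seen_point) { seen_point = true; continue; }
    if (!isdigit ((unsigned char) str[i])) break;
    mantissa = mantissa * 10.0 + (str[i] - '0');
    if (seen_point) exp10--;      /* a fraction digit shifts the point left */
    saw_digit = true;
  }
  if (!saw_digit) return false;
  if (i < len && (str[i] == 'e' || str[i] == 'E'))
  {
    long sign = 1, e = 0;
    i++;
    if (i < len && (str[i] == '+' || str[i] == '-')) sign = (str[i++] == '-') ? -1 : 1;
    if (i >= len || !isdigit ((unsigned char) str[i])) return false;
    for (; i < len && isdigit ((unsigned char) str[i]); i++)
    {
      /* Saturate: past the clamp the exact value is irrelevant, and this also
       * keeps a ten-digit exponent from overflowing the accumulator. */
      if (e <= EXP_CLAMP) e = e * 10 + (str[i] - '0');
    }
    exp10 += sign * e;
  }
  if (i != len) return false;     /* trailing junk is rejected */
  /* Bounded scaling: at most EXP_CLAMP iterations, so a hostile exponent costs
   * microseconds rather than hours. Overflow yields inf, underflow yields 0. */
  if (exp10 > EXP_CLAMP) exp10 = EXP_CLAMP;
  if (exp10 < -EXP_CLAMP) exp10 = -EXP_CLAMP;
  while (exp10 > 0) { mantissa *= 10.0; exp10--; }
  while (exp10 < 0) { mantissa /= 10.0; exp10++; }
  *out = mantissa;
  return true;
}
```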