Closed
Description
JerryScript revision (the revision value is not preserved on this page)
Build platform
Linux-4.15.0-62-generic-x86_64-with-Ubuntu-18.04-bionic
Build steps
# Debug, 32-bit (-m32) JerryScript build instrumented with AddressSanitizer
# (-fsanitize=address); -g and -fno-omit-frame-pointer keep symbols and frame
# pointers for the backtrace, and --strip=off leaves the binary unstripped.
# The es2015-subset profile is presumably what makes the default and rest
# parameters in the test case parse at all -- confirm against the build docs.
# NOTE(review): the failure reported on this page is an internal assertion in a
# --debug build; the page does not show how a non-debug build handles the same
# input, so treat that as unverified when triaging.
./tools/build.py --clean --debug --compile-flag=-fsanitize=address \
--compile-flag=-m32 --compile-flag=-fno-omit-frame-pointer \
--compile-flag=-fno-common --compile-flag=-g \
--strip=off --system-allocator=on --logging=on \
--linker-flag=-fuse-ld=gold --error-messages=on --profile=es2015-subset
Test case
// Short fuzzer-generated reproducer: a function declaration with a default
// parameter and a rest parameter sits directly inside a `case` clause and is
// immediately followed by another `case` label.
// Parsing it with the debug build described under "Build steps" hits the
// assertion quoted under "Output" (parser_parse_case_statement).
switch ($) {
case $: function $( $ = $, ... c ) { }
case $ :
}
Output
ICE: Assertion 'context_p->token.type != LEXER_COLON' failed at jerryscript/jerry-core/parser/js/js-parser-statm.c(parser_parse_case_statement):1556.
Error: ERR_FAILED_INTERNAL_ASSERTION
Backtrace
bt
#0 0xf7fd5079 in __kernel_vsyscall ()
#1 0xf77fc832 in raise () from /lib/i386-linux-gnu/libc.so.6
#2 0xf77fdcc1 in abort () from /lib/i386-linux-gnu/libc.so.6
#3 0x5657986c in jerry_port_fatal (code=ERR_FAILED_INTERNAL_ASSERTION) at jerryscript/jerry-port/default/default-fatal.c:71
#4 0x56612a2c in jerry_fatal (code=ERR_FAILED_INTERNAL_ASSERTION) at jerryscript/jerry-core/jrt/jrt-fatals.c:58
#5 0x56612a6d in jerry_assert_fail (assertion=0x56692940 "context_p->token.type != LEXER_COLON", file=0x56692860 "jerryscript/jerry-core/parser/js/js-parser-statm.c", function=0x56693580 <__func__.5443> "parser_parse_case_statement", line=1556) at jerryscript/jerry-core/jrt/jrt-fatals.c:82
#6 0x5656bf31 in parser_parse_case_statement (context_p=0xffffc4b0) at jerryscript/jerry-core/parser/js/js-parser-statm.c:1556
#7 0x5656fef0 in parser_parse_statements (context_p=0xffffc4b0) at jerryscript/jerry-core/parser/js/js-parser-statm.c:2458
#8 0x565d13d7 in parser_parse_source (arg_list_p=0x0, arg_list_size=0, source_p=0x566edb00 <buffer.lto_priv> "switch ( 1 ) { case 0 : function id_0 ( a = 5 , b = a + 1 , ... c ) { return a + b + c .length ; \n} \ncase 1 : break ; \ndefault : print ( false ) ; \n} \n ", source_size=152, parse_opts=0, error_location_p=0xffffc6c0) at jerryscript/jerry-core/parser/js/js-parser.c:2530
#9 0x565d413d in parser_parse_script (arg_list_p=0x0, arg_list_size=0, source_p=0x566edb00 <buffer.lto_priv> "switch ( 1 ) { case 0 : function id_0 ( a = 5 , b = a + 1 , ... c ) { return a + b + c .length ; \n} \ncase 1 : break ; \ndefault : print ( false ) ; \n} \n ", source_size=152, parse_opts=0, bytecode_data_p=0xffffc780) at jerryscript/jerry-core/parser/js/js-parser.c:2993
#10 0x56646350 in jerry_parse (resource_name_p=0xffffcd9e "/home/reni/.fuzzinator_4700//jerryscript/picireny/274995507024498709233211231877734069138.js", resource_name_length=92, source_p=0x566edb00 <buffer.lto_priv> "switch ( 1 ) { case 0 : function id_0 ( a = 5 , b = a + 1 , ... c ) { return a + b + c .length ; \n} \ncase 1 : break ; \ndefault : print ( false ) ; \n} \n ", source_size=152, parse_opts=0) at jerryscript/jerry-core/api/jerry.c:420
#11 0x566432a5 in main (argc=3, argv=0xffffcb14) at jerryscript/jerry-main/main-unix.c:734
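Found by Fuzzinator with grammarinator. Note that the source_p strings in backtrace frames #8–#10 show a longer input (`switch ( 1 ) { case 0 : function id_0 ( … ) …`) than the test case above, so the backtrace appears to have been recorded on the input before it was reduced; the assertion and source line in the backtrace match the Output section.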