Closed
Description
JerryScript revision
Build platform
Linux-4.15.0-62-generic-x86_64-with-Ubuntu-18.04-bionic
Build steps
./tools/build.py --clean --debug --compile-flag=-fsanitize=address \
--compile-flag=-m32 --compile-flag=-fno-omit-frame-pointer \
--compile-flag=-fno-common --compile-flag=-g \
--strip=off --system-allocator=on --logging=on \
--linker-flag=-fuse-ld=gold --error-messages=on --profile=es2015-subset
Test case
function $($ = $, ... d) { for ( var $; $; $); }
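Output
Note: the failure below is an internal assertion abort in the `--debug` build, not an AddressSanitizer report, even though the build enables `-fsanitize=address`. The report does not show how a build without assertions handles this input.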
ICE: Assertion 'context_p->token.type != LEXER_RIGHT_PAREN' failed at jerryscript/jerry-core/parser/js/js-parser-statm.c(parser_parse_for_statement_start):1103.
Error: ERR_FAILED_INTERNAL_ASSERTION
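Backtrace
Note: frames #12–#14 show a 1634-byte source beginning with `function CheckSyntaxError`, so this trace was captured on a larger input than the one-line test case above. The call path in frames #6–#10 (function statement, then `parser_parse_for_statement_start`) is consistent with that test case.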
bt
#0 0xf7fd5079 in __kernel_vsyscall ()
#1 0xf77fc832 in raise () from /lib/i386-linux-gnu/libc.so.6
#2 0xf77fdcc1 in abort () from /lib/i386-linux-gnu/libc.so.6
#3 0x565797cf in jerry_port_fatal (code=ERR_FAILED_INTERNAL_ASSERTION) at jerryscript/jerry-port/default/default-fatal.c:71
#4 0x56613186 in jerry_fatal (code=ERR_FAILED_INTERNAL_ASSERTION) at jerryscript/jerry-core/jrt/jrt-fatals.c:58
#5 0x566131c7 in jerry_assert_fail (assertion=0x566a3c20 "context_p->token.type != LEXER_RIGHT_PAREN", file=0x566a35c0 "jerryscript/jerry-core/parser/js/js-parser-statm.c", function=0x56693ce0 <__func__.5372.lto_priv.197> "parser_parse_for_statement_start", line=1103) at jerryscript/jerry-core/jrt/jrt-fatals.c:82
#6 0x565b06d4 in parser_parse_for_statement_start.lto_priv.186 (context_p=0xffffc4b0) at jerryscript/jerry-core/parser/js/js-parser-statm.c:1103
#7 0x5656fcab in parser_parse_statements (context_p=0xffffc4b0) at jerryscript/jerry-core/parser/js/js-parser-statm.c:2413
#8 0x565d37d3 in parser_parse_function (context_p=0xffffc4b0, status_flags=6) at jerryscript/jerry-core/parser/js/js-parser.c:2782
#9 0x5659718f in lexer_construct_function_object (context_p=0xffffc4b0, extra_status_flags=6) at jerryscript/jerry-core/parser/js/js-lexer.c:1978
#10 0x565acbed in parser_parse_function_statement.lto_priv.190 (context_p=0xffffc4b0) at jerryscript/jerry-core/parser/js/js-parser-statm.c:469
#11 0x5656fa83 in parser_parse_statements (context_p=0xffffc4b0) at jerryscript/jerry-core/parser/js/js-parser-statm.c:2371
#12 0x565d17f7 in parser_parse_source (arg_list_p=0x0, arg_list_size=0, source_p=0x566eda60 <buffer.lto_priv> "function CheckSyntaxError ( str ) { try { eval ( str ) ; \nprint ( false ) ; \n} catch ( e ) { print ( e instanceof SyntaxError ) ; \n} \ntry { eval ( 'switch (1) { default: ' + str + '}' ) ; \nprint ( fal"..., source_size=1634, parse_opts=0, error_location_p=0xffffc6c0) at jerryscript/jerry-core/parser/js/js-parser.c:2530
#13 0x565d455d in parser_parse_script (arg_list_p=0x0, arg_list_size=0, source_p=0x566eda60 <buffer.lto_priv> "function CheckSyntaxError ( str ) { try { eval ( str ) ; \nprint ( false ) ; \n} catch ( e ) { print ( e instanceof SyntaxError ) ; \n} \ntry { eval ( 'switch (1) { default: ' + str + '}' ) ; \nprint ( fal"..., source_size=1634, parse_opts=0, bytecode_data_p=0xffffc780) at jerryscript/jerry-core/parser/js/js-parser.c:2993
#14 0x56646a72 in jerry_parse (resource_name_p=0xffffcd9e "/home/reni/.fuzzinator_4700//jerryscript/picireny/241539370413020919875576301442750382603.js", resource_name_length=92, source_p=0x566eda60 <buffer.lto_priv> "function CheckSyntaxError ( str ) { try { eval ( str ) ; \nprint ( false ) ; \n} catch ( e ) { print ( e instanceof SyntaxError ) ; \n} \ntry { eval ( 'switch (1) { default: ' + str + '}' ) ; \nprint ( fal"..., source_size=1634, parse_opts=0) at jerryscript/jerry-core/api/jerry.c:420
#15 0x566439c7 in main (argc=3, argv=0xffffcb14) at jerryscript/jerry-main/main-unix.c:734
Found by Fuzzinator with grammarinator.