Closed
Description
Revision
Build
./tools/build.py --clean --debug --compile-flag=-fsanitize=address
--compile-flag=-m32 --compile-flag=-fno-omit-frame-pointer
--compile-flag=-fno-common --compile-flag=-g
--strip=off --system-allocator=on --logging=on
--error-messages=on --profile=es2015-subset
OS
Linux 4.15.0-58-generic #64-Ubuntu x86_64 GNU/Linux
Test case
// Reproducer from the report: a Symbol becomes the only element of an array,
// the array is frozen, and it is then passed where a number is expected.
var symbol = Symbol();
var arr = [{}];
// pop() empties arr; the popped object is used as the `with` scope object.
with (arr.pop()){
// valueOf() on a Symbol returns the symbol itself, so arr is now [symbol].
arr.push(symbol.valueOf());
}
// Object.freeze returns the same array, now frozen. String.fromCharCode has to
// convert that array to a number, which goes through the array's string
// conversion; per ECMAScript a Symbol element cannot be converted to a string,
// so a TypeError is expected before the length assignment takes place.
// NOTE(review): the report does not show which allocation stays live at
// shutdown; presumably it is on this exception path, to be confirmed.
arr.length = String.fromCharCode(Object.freeze(arr));
Backtrace
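Run with `jerry --abort-on-fail poc.js`. The assertion below fires in jmem_heap_finalize, reached from jerry_cleanup, which means engine heap memory was still allocated at shutdown (a leak caught by the assertion in this --debug build):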
ICE: Assertion 'JERRY_CONTEXT (jmem_heap_allocated_size) == 0' failed at /jerryscript/jerry-core/jmem/jmem-heap.c(jmem_heap_finalize):106.
Error: ERR_FAILED_INTERNAL_ASSERTION
Program received signal SIGABRT, Aborted.
0xf7fd5059 in __kernel_vsyscall ()
(gdb) bt
#0 0xf7fd5059 in __kernel_vsyscall ()
#1 0xf7841452 in raise () from /lib32/libc.so.6
#2 0xf7842871 in abort () from /lib32/libc.so.6
#3 0x566c737e in jerry_port_fatal (code=ERR_FAILED_INTERNAL_ASSERTION) at /jerryscript/jerry-port/default/default-fatal.c:71
#4 0x56652060 in jerry_fatal (code=ERR_FAILED_INTERNAL_ASSERTION) at /jerryscript/jerry-core/jrt/jrt-fatals.c:58
#5 0x566520a1 in jerry_assert_fail (assertion=0x566ed900 "JERRY_CONTEXT (jmem_heap_allocated_size) == 0", file=0x566ed8a0 "/jerryscript/jerry-core/jmem/jmem-heap.c", function=0x56707960 <__func__.18391> "jmem_heap_finalize", line=106)
at /jerryscript/jerry-core/jrt/jrt-fatals.c:82
#6 0x56651766 in jmem_heap_finalize () at /jerryscript/jerry-core/jmem/jmem-heap.c:106
#7 0x566515bc in jmem_finalize () at /jerryscript/jerry-core/jmem/jmem-allocator.c:170
#8 0x5656ff89 in jerry_cleanup () at /jerryscript/jerry-core/api/jerry.c:231
#9 0x5656ddae in main (argc=3, argv=0xffffd3f4) at /jerryscript/jerry-main/main-unix.c:941