Assertion compressed_pointer != JMEM_CP_NULL in jmem_decompress_pointer #3779

Closed
@renatahodovan

JerryScript revision

876622a

Build platform

Linux-4.15.0-88-generic-x86_64-with-Ubuntu-18.04-bionic

Build steps

```sh
./tools/build.py --clean --debug --compile-flag=-fsanitize=address \
--compile-flag=-m32 --compile-flag=-fno-omit-frame-pointer \
--compile-flag=-fno-common --compile-flag=-g \
--strip=off --system-allocator=on --logging=on \
--linker-flag=-fuse-ld=gold --error-messages=on --profile=es2015-subset
```

Test case

```js
var a = [$];
var $ = a.lastIndexOf($, {
    valueOf: function() {
        a.length = 0
    }
})
```

Output

```
ICE: Assertion 'compressed_pointer != JMEM_CP_NULL' failed at jerryscript/jerry-core/jmem/jmem-allocator.c(jmem_decompress_pointer):215.
Error: ERR_FAILED_INTERNAL_ASSERTION
ASAN:DEADLYSIGNAL
=================================================================
==6827==ERROR: AddressSanitizer: ABRT on unknown address 0x00001aab (pc 0xf7fb3079 bp 0xff9cc0bc sp 0xff9cc0a0 T0)
    #0 0xf7fb3078  (linux-gate.so.1+0x1078)
    #1 0xf7fb3078  (linux-gate.so.1+0x1078)
    #2 0xf77da831 in raise (/lib/i386-linux-gnu/libc.so.6+0x2d831)
    #3 0xf77dbcc0 in abort (/lib/i386-linux-gnu/libc.so.6+0x2ecc0)
    #4 0x56603444 in jerry_port_fatal jerryscript/jerry-port/default/default-fatal.c:30
    #5 0x566bab09 in jerry_fatal jerryscript/jerry-core/jrt/jrt-fatals.c:63
    #6 0x566bab4a in jerry_assert_fail jerryscript/jerry-core/jrt/jrt-fatals.c:87
    #7 0x566b9be9 in jmem_decompress_pointer jerryscript/jerry-core/jmem/jmem-allocator.c:215
    #8 0x5666dd30 in ecma_builtin_array_prototype_object_last_index_of jerryscript/jerry-core/ecma/builtin-objects/ecma-builtin-array-prototype.c:1782
    #9 0x56670e86 in ecma_builtin_array_prototype_dispatch_routine jerryscript/jerry-core/ecma/builtin-objects/ecma-builtin-array-prototype.c:2721
    #10 0x566fcac4 in ecma_builtin_dispatch_routine jerryscript/jerry-core/ecma/builtin-objects/ecma-builtins.c:1095
    #11 0x566fcc9c in ecma_builtin_dispatch_call jerryscript/jerry-core/ecma/builtin-objects/ecma-builtins.c:1119
    #12 0x566d5732 in ecma_op_function_call_simple jerryscript/jerry-core/ecma/operations/ecma-function-object.c:782
    #13 0x566d6602 in ecma_op_function_call jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1085
    #14 0x5669cc95 in opfunc_call.lto_priv.465 jerryscript/jerry-core/vm/vm.c:764
    #15 0x5665d449 in vm_execute jerryscript/jerry-core/vm/vm.c:4130
    #16 0x5665d9c1 in vm_run jerryscript/jerry-core/vm/vm.c:4232
    #17 0x5669b2e1 in vm_run_global jerryscript/jerry-core/vm/vm.c:321
    #18 0x5671ee1a in jerry_run jerryscript/jerry-core/api/jerry.c:596
    #19 0x5671b404 in main jerryscript/jerry-main/main-unix.c:759
    #20 0xf77c5e80 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x18e80)
    #21 0x565f6300  (jerryscript/build_gcc_asan_es2015/bin/jerry+0x1a300)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: ABRT (linux-gate.so.1+0x1078)
==6827==ABORTING
```

Found by Fuzzinator with grammarinator.
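
Added example, not JerryScript code and not part of the original report: a toy C model of the pattern the test case exercises, where a length read before user code runs is still trusted after that code has emptied the array. All names (`toy_array`, `toy_last_index_of`, `STALE_BUFFER`, the callbacks) are hypothetical, and it assumes, as the test case and stack trace suggest, that setting the length to 0 releases the backing store.

```c
#include <stdlib.h>

/* Toy model, not JerryScript code: every name here is hypothetical. */
typedef struct { int *buf; long len; } toy_array;
typedef long (*from_index_fn)(toy_array *a); /* models fromIndex conversion running user code */

enum { NOT_FOUND = -1, STALE_BUFFER = -2 };  /* STALE_BUFFER models the failed assertion */

toy_array toy_new(const int *items, long n) {
    toy_array a = { malloc(sizeof(int) * (size_t)n), n };
    for (long i = 0; i < n; i++) a.buf[i] = items[i];
    return a;
}

/* Like `a.length = 0` in the test case: assumed to release the backing store. */
void toy_truncate(toy_array *a) { free(a->buf); a->buf = NULL; a->len = 0; }

/* Models the reported valueOf: empties the array, returns undefined (converted to 0). */
long cb_shrink(toy_array *a) { toy_truncate(a); return 0; }
/* A well-behaved fromIndex: start from the last element. */
long cb_benign(toy_array *a) { return a->len - 1; }

long toy_last_index_of(toy_array *a, int needle, from_index_fn cb, int revalidate) {
    long len = a->len;                 /* length is read before fromIndex is converted */
    if (len == 0) return NOT_FOUND;
    long n = cb(a);                    /* user code may resize the array here */
    long k = n >= 0 ? (n < len - 1 ? n : len - 1) : len + n;
    if (revalidate) {                  /* hardened: trust only the current state */
        if (a->buf == NULL) return NOT_FOUND;
        if (k >= a->len) k = a->len - 1;
    } else if (a->buf == NULL) {
        return STALE_BUFFER;           /* stands in for the assertion in the report */
    }
    for (; k >= 0; k--)
        if (a->buf[k] == needle) return k;
    return NOT_FOUND;
}
```

With `revalidate` set, the search result matches what the specification's per-index property lookup would give on the emptied array: nothing is found.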

Labels: bug (Undesired behaviour)