Description
JerryScript revision
Build platform
Ubuntu 20.04.3 LTS (Linux 5.11.0-34-generic x86_64)
Build steps
./tools/build.py --profile=es2015-subset --lto=off --compile-flag=-g --clean --debug --strip=off --logging=on --error-messages=on --compile-flag=-fsanitize=address --stack-limit=20
Test case
var a = new ArrayBuffer(600000);
var b = new DataView(a).setInt8();
Output
RangeError: Cannot allocate memory for ArrayBuffer
ICE: Assertion 'JERRY_CONTEXT (jmem_heap_allocated_size) == 0' failed at /home/sy/Documents/jerry/jerryscript/jerry-core/jmem/jmem-heap.c(jmem_heap_finalize):108.
Error: ERR_FAILED_INTERNAL_ASSERTION
Aborted (core dumped)
Backtrace
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x00007fe981727859 in __GI_abort () at abort.c:79
#2 0x000055813bbf2c4c in jerry_port_fatal (code=ERR_FAILED_INTERNAL_ASSERTION) at /home/sy/Documents/jerry/jerryscript/jerry-port/default/default-fatal.c:30
#3 0x000055813bb086a5 in jerry_fatal (code=ERR_FAILED_INTERNAL_ASSERTION) at /home/sy/Documents/jerry/jerryscript/jerry-core/jrt/jrt-fatals.c:63
#4 0x000055813bb08700 in jerry_assert_fail (assertion=0x55813bc21720 "JERRY_CONTEXT (jmem_heap_allocated_size) == 0", file=0x55813bc21640 "/home/sy/Documents/jerry/jerryscript/jerry-core/jmem/jmem-heap.c", function=0x55813bc21d40 <func.6880> "jmem_heap_finalize", line=108) at /home/sy/Documents/jerry/jerryscript/jerry-core/jrt/jrt-fatals.c:83
#5 0x000055813bb066c9 in jmem_heap_finalize () at /home/sy/Documents/jerry/jerryscript/jerry-core/jmem/jmem-heap.c:108
#6 0x000055813bb06230 in jmem_finalize () at /home/sy/Documents/jerry/jerryscript/jerry-core/jmem/jmem-allocator.c:171
#7 0x000055813ba5ad0b in jerry_cleanup () at /home/sy/Documents/jerry/jerryscript/jerry-core/api/jerryscript.c:235
#8 0x000055813ba558e3 in main (argc=2, argv=0x7ffc02b65d98) at /home/sy/Documents/jerry/jerryscript/jerry-main/main-jerry.c:363
#9 0x00007fe9817290b3 in __libc_start_main (main=0x55813ba53b89
#10 0x000055813ba53ace in _start ()
Crash root cause
In /jerry-core/ecma/operations/ecma-dataview-object.c:302, if ECMA_ARRAYBUFFER_CHECK_BUFFER_ERROR fails to allocate the memory for the ArrayBuffer, it returns a null pointer and the function returns directly at line 304 without freeing the value_to_set created at line 295. Adding
ecma_free_value(value_to_set);
before the return would solve this problem.
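To make the leak and the proposed fix observable outside the engine, here is a constructed model (added here; not JerryScript code) of the pattern the root cause describes: a byte counter stands in for JERRY_CONTEXT (jmem_heap_allocated_size), model_to_number allocates the value_to_set analogue, model_buffer_check_fails plays the role of ECMA_ARRAYBUFFER_CHECK_BUFFER_ERROR, and model_heap_finalize_leak_bytes reproduces the check that jmem_heap_finalize asserts on. All of these names, and the scenario driver, are assumptions made for the example; the leaky setter returns early without freeing, the fixed setter frees before returning.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed model of the leak, not JerryScript code: the names mirror the
 * engine's concepts only so the leak and the fix can be observed directly. */

/* Stand-in for JERRY_CONTEXT (jmem_heap_allocated_size). */
static size_t model_heap_allocated = 0;

/* Minimal boxed "ecma value": a heap-allocated number. */
typedef struct { double number; } model_value_t;

/* Analogue of creating value_to_set (line 295 in the report). */
static model_value_t *model_to_number (double n)
{
  model_value_t *v = malloc (sizeof *v);
  if (v == NULL) abort ();
  v->number = n;
  model_heap_allocated += sizeof *v;
  return v;
}

/* Analogue of ecma_free_value. */
static void model_free_value (model_value_t *v)
{
  if (v == NULL) return;
  model_heap_allocated -= sizeof *v;
  free (v);
}

/* ArrayBuffer whose backing store may have failed to allocate. */
typedef struct { unsigned char *data; size_t length; } model_arraybuffer_t;

/* Analogue of ECMA_ARRAYBUFFER_CHECK_BUFFER_ERROR: fails if no backing store. */
static bool model_buffer_check_fails (const model_arraybuffer_t *buf)
{
  return buf->data == NULL;
}

/* Setter with the defect: the error path returns without freeing value_to_set. */
static int model_setter_leaky (model_arraybuffer_t *buf, size_t index, double value)
{
  model_value_t *value_to_set = model_to_number (value);
  if (model_buffer_check_fails (buf))
    return -1; /* analogue of line 304: value_to_set is leaked here */
  buf->data[index] = (unsigned char) value_to_set->number;
  model_free_value (value_to_set);
  return 0;
}

/* Same setter with the proposed fix: free the value before the early return. */
static int model_setter_fixed (model_arraybuffer_t *buf, size_t index, double value)
{
  model_value_t *value_to_set = model_to_number (value);
  if (model_buffer_check_fails (buf))
  {
    model_free_value (value_to_set); /* the one-line fix from the report */
    return -1;
  }
  buf->data[index] = (unsigned char) value_to_set->number;
  model_free_value (value_to_set);
  return 0;
}

/* Analogue of the jmem_heap_finalize check: bytes still allocated at teardown
 * (the engine asserts this is 0). Resets the counter for the next scenario. */
static size_t model_heap_finalize_leak_bytes (void)
{
  size_t leaked = model_heap_allocated;
  model_heap_allocated = 0;
  return leaked;
}

/* Drive one scenario: buffer_allocated=false models the RangeError case from
 * the test case (backing store missing), then a setInt8-style store. */
static size_t run_scenario (bool use_fixed, bool buffer_allocated)
{
  unsigned char storage[8] = { 0 };
  model_arraybuffer_t buf = { buffer_allocated ? storage : NULL, sizeof storage };
  int rc = use_fixed ? model_setter_fixed (&buf, 0, 1.0)
                     : model_setter_leaky (&buf, 0, 1.0);
  (void) rc; /* the error path is expected to fail; only the leak matters here */
  return model_heap_finalize_leak_bytes ();
}

int main (void)
{
  printf ("leaky setter, failed buffer: %zu bytes leaked at finalize\n",
          run_scenario (false, false));
  printf ("fixed setter, failed buffer: %zu bytes leaked at finalize\n",
          run_scenario (true, false));
  return 0;
}
```

Only the combination of the leaky setter and the failed buffer allocation leaves bytes allocated at finalize, which is exactly the state the engine's assertion 'JERRY_CONTEXT (jmem_heap_allocated_size) == 0' rejects; on the success path both versions return the heap to zero because the free after the store already runs.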