
Assertion scope_stack_p > context_p->scope_stack_p in scanner_literal_is_created #5005

Open
@renatahodovan

JerryScript revision

0d49696

Build platform

Linux-5.4.0-104-generic-x86_64-with-glibc2.29

Build steps
./tools/build.py --clean --debug --profile=es.next  --error-messages=ON --logging=ON
Test case
new { async [ yield ] ( ... yield ) { }} 
Output
ICE: Assertion 'scope_stack_p > context_p->scope_stack_p' failed at jerryscript/jerry-core/parser/js/js-scanner-util.c(scanner_literal_is_created):2920.
Error: JERRY_FATAL_FAILED_ASSERTION
AddressSanitizer:DEADLYSIGNAL
=================================================================
==698757==ERROR: AddressSanitizer: ABRT on unknown address 0x03e9000aa985 (pc 0x7fe4192d503b bp 0x7ffe32c02ff0 sp 0x7ffe32c02d80 T0)
    #0 0x7fe4192d503b in raise /build/glibc-sMfBJT/glibc-2.31/signal/../sysdeps/unix/sysv/linux/raise.c:51:1
    #1 0x7fe4192b4858 in abort /build/glibc-sMfBJT/glibc-2.31/stdlib/abort.c:79:7
    #2 0x806f07 in jerry_port_fatal jerryscript/jerry-port/common/jerry-port-process.c:29:5
    #3 0x6281ca in jerry_fatal jerryscript/jerry-core/jrt/jrt-fatals.c:63:3
    #4 0x627f7a in jerry_assert_fail jerryscript/jerry-core/jrt/jrt-fatals.c:83:3
    #5 0x670b4c in scanner_literal_is_created jerryscript/jerry-core/parser/js/js-scanner-util.c:2920:5
    #6 0x63cf16 in parser_parse_function_arguments jerryscript/jerry-core/parser/js/js-parser.c:1824:13
    #7 0x638a5c in parser_parse_function jerryscript/jerry-core/parser/js/js-parser.c:2685:3
    #8 0x799476 in lexer_construct_function_object jerryscript/jerry-core/parser/js/js-lexer.c:2695:23
    #9 0x7c5bee in parser_parse_object_literal jerryscript/jerry-core/parser/js/js-parser-expr.c:1405:43
    #10 0x7b3107 in parser_parse_unary_expression jerryscript/jerry-core/parser/js/js-parser-expr.c:2133:7
    #11 0x7a6d30 in parser_parse_expression jerryscript/jerry-core/parser/js/js-parser-expr.c:4115:9
    #12 0x7aee42 in parser_parse_block_expression jerryscript/jerry-core/parser/js/js-parser-expr.c:4065:3
    #13 0x7da34d in parser_parse_statements jerryscript/jerry-core/parser/js/js-parser-statm.c:3079:11
    #14 0x650243 in parser_parse_source jerryscript/jerry-core/parser/js/js-parser.c:2280:5
    #15 0x64bcca in parser_parse_script jerryscript/jerry-core/parser/js/js-parser.c:3326:38
    #16 0x4cd866 in jerry_parse_common jerryscript/jerry-core/api/jerryscript.c:412:21
    #17 0x4cd103 in jerry_parse jerryscript/jerry-core/api/jerryscript.c:480:10
    #18 0x805137 in jerryx_source_parse_script jerryscript/jerry-ext/util/sources.c:52:26
    #19 0x80526e in jerryx_source_exec_script jerryscript/jerry-ext/util/sources.c:63:26
    #20 0x4c4cb6 in main jerryscript/jerry-main/main-desktop.c:156:20
    #21 0x7fe4192b60b2 in __libc_start_main /build/glibc-sMfBJT/glibc-2.31/csu/../csu/libc-start.c:308:16
    #22 0x41c53d in _start (jerryscript/build/bin/jerry+0x41c53d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: ABRT /build/glibc-sMfBJT/glibc-2.31/signal/../sysdeps/unix/sysv/linux/raise.c:51:1 in raise
==698757==ABORTING
Backtrace
bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007ffff7c33859 in __GI_abort () at abort.c:79
#2  0x0000000000806f08 in jerry_port_fatal (code=JERRY_FATAL_FAILED_ASSERTION) at jerryscript/jerry-port/common/jerry-port-process.c:29
#3  0x00000000006281cb in jerry_fatal (code=JERRY_FATAL_FAILED_ASSERTION) at jerryscript/jerry-core/jrt/jrt-fatals.c:63
#4  0x0000000000627f7b in jerry_assert_fail (assertion=0x863b80 <str> "scope_stack_p > context_p->scope_stack_p", file=0x861a20 <str> "jerryscript/jerry-core/parser/js/js-scanner-util.c", function=0x863cc0 <__func__.scanner_literal_is_created> "scanner_literal_is_created", line=2920) at jerryscript/jerry-core/jrt/jrt-fatals.c:83
#5  0x0000000000670b4d in scanner_literal_is_created (context_p=0x7fffffffcd20, literal_index=0) at jerryscript/jerry-core/parser/js/js-scanner-util.c:2920
#6  0x000000000063cf17 in parser_parse_function_arguments (context_p=0x7fffffffcd20, end_type=LEXER_RIGHT_PAREN) at jerryscript/jerry-core/parser/js/js-parser.c:1824
#7  0x0000000000638a5d in parser_parse_function (context_p=0x7fffffffcd20, status_flags=98310) at jerryscript/jerry-core/parser/js/js-parser.c:2685
#8  0x0000000000799477 in lexer_construct_function_object (context_p=0x7fffffffcd20, extra_status_flags=98310) at jerryscript/jerry-core/parser/js/js-lexer.c:2695
#9  0x00000000007c5bef in parser_parse_object_literal (context_p=0x7fffffffcd20) at jerryscript/jerry-core/parser/js/js-parser-expr.c:1405
#10 0x00000000007b3108 in parser_parse_unary_expression (context_p=0x7fffffffcd20, grouping_level_p=0x7fffffffb3c0) at jerryscript/jerry-core/parser/js/js-parser-expr.c:2133
#11 0x00000000007a6d31 in parser_parse_expression (context_p=0x7fffffffcd20, options=2) at jerryscript/jerry-core/parser/js/js-parser-expr.c:4115
#12 0x00000000007aee43 in parser_parse_block_expression (context_p=0x7fffffffcd20, options=0) at jerryscript/jerry-core/parser/js/js-parser-expr.c:4065
#13 0x00000000007da34e in parser_parse_statements (context_p=0x7fffffffcd20) at jerryscript/jerry-core/parser/js/js-parser-statm.c:3079
#14 0x0000000000650244 in parser_parse_source (source_p=0x7fffffffd3a0, parse_opts=0, options_p=0x7fffffffd4d0) at jerryscript/jerry-core/parser/js/js-parser.c:2280
#15 0x000000000064bccb in parser_parse_script (source_p=0x7fffffffd3a0, parse_opts=0, options_p=0x7fffffffd4d0) at jerryscript/jerry-core/parser/js/js-parser.c:3326
#16 0x00000000004cd867 in jerry_parse_common (source_p=0x7fffffffd3a0, options_p=0x7fffffffd4d0, parse_opts=0) at jerryscript/jerry-core/api/jerryscript.c:412
#17 0x00000000004cd104 in jerry_parse (source_p=0x60f000000040 "new { async [ yield     ]  ( ... yield       ) { { }     }    , [ let    ?? yield       ]  ( ... { }    + class { }        ) { try { }  finally { }       }    }", ' ' <repeats 13 times>, source_size=173, options_p=0x7fffffffd4d0) at jerryscript/jerry-core/api/jerryscript.c:480
#18 0x0000000000805138 in jerryx_source_parse_script (path_p=0x7fffffffde38 "/run/user/1001/fuzzinator/697673/698753-FileWriterDecorator-3723f093c7934ab69135d6408fa0ee48/0.js") at jerryscript/jerry-ext/util/sources.c:52
#19 0x000000000080526f in jerryx_source_exec_script (path_p=0x7fffffffde38 "/run/user/1001/fuzzinator/697673/698753-FileWriterDecorator-3723f093c7934ab69135d6408fa0ee48/0.js") at jerryscript/jerry-ext/util/sources.c:63
#20 0x00000000004c4cb7 in main (argc=2, argv=0x7fffffffdb08) at jerryscript/jerry-main/main-desktop.c:156

Found by Fuzzinator with grammarinator.

    Labels

    bug (Undesired behaviour), fuzzing (Related to fuzz testing of the engine), parser (Related to the JavaScript parser)
