Assertion 'opts & PARSER_CLASS_LITERAL_CTOR_PRESENT' failed at /jerryscript/jerry-core/parser/js/js-parser-expr.c(parser_parse_class_body):538 #5113

Open
Qbtly opened this issue Nov 23, 2023 · 0 comments
Labels
bug Undesired behaviour fuzzing Related to fuzz testing of the engine parser Related to the JavaScript parser

Qbtly commented Nov 23, 2023

JerryScript revision

ff9ff8f

Build platform

Ubuntu 22.04.3

Build steps

```sh
python ./tools/build.py --builddir=xxx --clean --debug --compile-flag=-fsanitize=address --compile-flag=-g --strip=off --lto=off --logging=on --line-info=on --error-message=on --stack-limit=20
```

Test case

```js
class JSEtest {
    #async   [  class  { [ 1 ] = class { constructor ( ) { }  apply   ;  } ; }  ]  
  }
```

Execution steps

```sh
./xxx/bin/jerry poc.js
```

Output

```
ICE: Assertion 'opts & PARSER_CLASS_LITERAL_CTOR_PRESENT' failed at /jerryscript/jerry-core/parser/js/js-parser-expr.c(parser_parse_class_body):538.
Error: JERRY_FATAL_FAILED_ASSERTION
Aborted
```
Backtrace

```
Program received signal SIGABRT, Aborted.
__pthread_kill_implementation (no_tid=0, signo=6, threadid=140737350406336) at ./nptl/pthread_kill.c:44
44	./nptl/pthread_kill.c: No such file or directory.
(gdb) bt
#0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=140737350406336) at ./nptl/pthread_kill.c:44
#1  __pthread_kill_internal (signo=6, threadid=140737350406336) at ./nptl/pthread_kill.c:78
#2  __GI___pthread_kill (threadid=140737350406336, signo=signo@entry=6) at ./nptl/pthread_kill.c:89
#3  0x00007ffff7cb4476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#4  0x00007ffff7c9a7f3 in __GI_abort () at ./stdlib/abort.c:79
#5  0x00005555558742f5 in jerry_port_fatal (code=code@entry=JERRY_FATAL_FAILED_ASSERTION) at /jerryscript/jerry-port/common/jerry-port-process.c:29
#6  0x00005555557623b8 in jerry_fatal (code=code@entry=JERRY_FATAL_FAILED_ASSERTION) at /jerryscript/jerry-core/jrt/jrt-fatals.c:63
#7  0x000055555576226c in jerry_assert_fail (assertion=<optimized out>, file=<optimized out>, function=<optimized out>, line=line@entry=538) at /jerryscript/jerry-core/jrt/jrt-fatals.c:83
#8  0x000055555583b4b2 in parser_parse_class_body (context_p=0x7fffffffdd60, opts=PARSER_CLASS_LITERAL_NO_OPTS, class_name_index=<optimized out>) at /jerryscript/jerry-core/parser/js/js-parser-expr.c:538
#9  parser_parse_class (context_p=0x7fffffffdd60, is_statement=<optimized out>) at /jerryscript/jerry-core/parser/js/js-parser-expr.c:1110
#10 0x000055555583c550 in parser_parse_unary_expression (context_p=0x7fffffffdd60, grouping_level_p=<optimized out>) at /jerryscript/jerry-core/parser/js/js-parser-expr.c:2217
#11 parser_parse_expression (context_p=0x7fffffffdd60, options=4) at /jerryscript/jerry-core/parser/js/js-parser-expr.c:4115
#12 0x000055555583a7cc in parser_parse_class_body (context_p=0x7fffffffdd60, opts=PARSER_CLASS_LITERAL_NO_OPTS, class_name_index=<optimized out>) at /jerryscript/jerry-core/parser/js/js-parser-expr.c:843
#13 parser_parse_class (context_p=0x7fffffffdd60, is_statement=<optimized out>) at /jerryscript/jerry-core/parser/js/js-parser-expr.c:1110
#14 0x000055555583c550 in parser_parse_unary_expression (context_p=0x7fffffffdd60, grouping_level_p=<optimized out>) at /jerryscript/jerry-core/parser/js/js-parser-expr.c:2217
#15 parser_parse_expression (context_p=0x7fffffffdd60, options=4) at /jerryscript/jerry-core/parser/js/js-parser-expr.c:4115
#16 0x0000555555834d92 in lexer_expect_object_literal_id (context_p=context_p@entry=0x7fffffffdd60, ident_opts=1, ident_opts@entry=1435999920) at /jerryscript/jerry-core/parser/js/js-lexer.c:3097
#17 0x0000555555838fe9 in parser_parse_class_body (context_p=0x7fffffffdd60, opts=PARSER_CLASS_LITERAL_NO_OPTS, class_name_index=<optimized out>) at /jerryscript/jerry-core/parser/js/js-parser-expr.c:691
#18 parser_parse_class (context_p=0x7fffffffdd60, is_statement=<optimized out>) at /jerryscript/jerry-core/parser/js/js-parser-expr.c:1110
#19 0x0000555555859db5 in parser_parse_statements (context_p=0x7fffffffdd60) at /jerryscript/jerry-core/parser/js/js-parser-statm.c:2787
#20 0x000055555577c016 in parser_parse_source (source_p=source_p@entry=0x7ffff5e00aa0, parse_opts=parse_opts@entry=0, options_p=options_p@entry=0x7ffff5f00830)
    at /jerryscript/jerry-core/parser/js/js-parser.c:2280
#21 0x000055555577a391 in parser_parse_script (source_p=0x3fa8d9, source_p@entry=0x7ffff5e00aa0, parse_opts=4171993, parse_opts@entry=0, options_p=0x6, options_p@entry=0x7ffff5f00830)
    at /jerryscript/jerry-core/parser/js/js-parser.c:3326
#22 0x000055555568d3ca in jerry_parse_common (source_p=0x7ffff5e00aa0, options_p=options_p@entry=0x7ffff5f00830, parse_opts=parse_opts@entry=0) at /jerryscript/jerry-core/api/jerryscript.c:412
#23 0x000055555568d22c in jerry_parse (source_p=<optimized out>, source_size=<optimized out>, options_p=<optimized out>) at /jerryscript/jerry-core/api/jerryscript.c:480
#24 0x0000555555872962 in jerryx_source_parse_script (path_p=<optimized out>) at /jerryscript/jerry-ext/util/sources.c:52
#25 0x0000555555872b54 in jerryx_source_exec_script (path_p=0x3fa8d9 <error: Cannot access memory at address 0x3fa8d9>) at /jerryscript/jerry-ext/util/sources.c:63
#26 0x00005555556860bc in main (argc=<optimized out>, argv=<optimized out>) at /jerryscript/jerry-main/main-desktop.c:156
```
Output (release)

```
AddressSanitizer:DEADLYSIGNAL
=================================================================
==3823600==ERROR: AddressSanitizer: SEGV on unknown address 0x00000000000a (pc 0x55c958c85b99 bp 0x7ffc2fc75010 sp 0x7ffc2fc74e80 T0)
==3823600==The signal is caused by a READ memory access.
==3823600==Hint: address points to the zero page.
    #0 0x55c958c85b99 in parser_parse_class_body /jerryscript/jerry-core/parser/js/js-parser-expr.c:541:32
    #1 0x55c958c85b99 in parser_parse_class /jerryscript/jerry-core/parser/js/js-parser-expr.c:1110:27
    #2 0x55c958c8879d in parser_parse_unary_expression /jerryscript/jerry-core/parser/js/js-parser-expr.c:2217:7
    #3 0x55c958c8879d in parser_parse_expression /jerryscript/jerry-core/parser/js/js-parser-expr.c:4115:9
    #4 0x55c958c87043 in parser_parse_class_body /jerryscript/jerry-core/parser/js/js-parser-expr.c:843:13
    #5 0x55c958c87043 in parser_parse_class /jerryscript/jerry-core/parser/js/js-parser-expr.c:1110:27
    #6 0x55c958c8879d in parser_parse_unary_expression /jerryscript/jerry-core/parser/js/js-parser-expr.c:2217:7
    #7 0x55c958c8879d in parser_parse_expression /jerryscript/jerry-core/parser/js/js-parser-expr.c:4115:9
    #8 0x55c958c82802 in lexer_expect_object_literal_id /jerryscript/jerry-core/parser/js/js-lexer.c:3097:9
    #9 0x55c958c85ea8 in parser_parse_class_body /jerryscript/jerry-core/parser/js/js-parser-expr.c:691:9
    #10 0x55c958c85ea8 in parser_parse_class /jerryscript/jerry-core/parser/js/js-parser-expr.c:1110:27
    #11 0x55c958c9e7a8 in parser_parse_statements /jerryscript/jerry-core/parser/js/js-parser-statm.c:2787:9
    #12 0x55c958bf0c8c in parser_parse_source /jerryscript/jerry-core/parser/js/js-parser.c:2280:5
    #13 0x55c958bef7b3 in parser_parse_script /jerryscript/jerry-core/parser/js/js-parser.c:3326:38
    #14 0x55c958b4cf38 in jerry_parse_common /jerryscript/jerry-core/api/jerryscript.c:412:21
    #15 0x55c958b4cd34 in jerry_parse /jerryscript/jerry-core/api/jerryscript.c:480:10
    #16 0x55c958cb25ef in jerryx_source_parse_script /jerryscript/jerry-ext/util/sources.c:52:26
    #17 0x55c958cb27af in jerryx_source_exec_script /jerryscript/jerry-ext/util/sources.c:63:26
    #18 0x55c958b485b2 in main /jerryscript/jerry-main/main-desktop.c:156:20
    #19 0x7f3fcdda2d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #20 0x7f3fcdda2e3f in __libc_start_main csu/../csu/libc-start.c:392:3
    #21 0x55c958a88424 in _start (/jerryscript/1120/bin/jerry+0x41424) (BuildId: cf2994fd54b657190fc30f38dcd053553bef67f2)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /jerryscript/jerry-core/parser/js/js-parser-expr.c:541:32 in parser_parse_class_body
==3823600==ABORTING
```
@LaszloLango LaszloLango added bug Undesired behaviour parser Related to the JavaScript parser fuzzing Related to fuzz testing of the engine labels Nov 22, 2024
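
For triage, the debug-build assertion and the release-build ASan fault in this report can be grouped as one bug mechanically. The following is an added example, not part of the original issue or of JerryScript's tooling; the function names, the 8-line grouping window and the 4 KiB near-null threshold are assumptions, and the sample strings are lines copied from the report.

```python
import re

# Lines copied from the report: the debug-build ICE message, and the
# release-build ASan header, access line and frame #0.
DEBUG_OUT = ("ICE: Assertion 'opts & PARSER_CLASS_LITERAL_CTOR_PRESENT' failed at "
             "/jerryscript/jerry-core/parser/js/js-parser-expr.c(parser_parse_class_body):538.")
ASAN_OUT = (
    "==3823600==ERROR: AddressSanitizer: SEGV on unknown address 0x00000000000a "
    "(pc 0x55c958c85b99 bp 0x7ffc2fc75010 sp 0x7ffc2fc74e80 T0)\n"
    "==3823600==The signal is caused by a READ memory access.\n"
    "    #0 0x55c958c85b99 in parser_parse_class_body "
    "/jerryscript/jerry-core/parser/js/js-parser-expr.c:541:32\n"
)

ICE_RE = re.compile(
    r"ICE: Assertion '(?P<expr>.+)' failed at (?P<file>\S+)\((?P<func>\w+)\):(?P<line>\d+)\.")
ASAN_ERR_RE = re.compile(
    r"ERROR: AddressSanitizer: (?P<kind>\S+) on unknown address (?P<addr>0x[0-9a-fA-F]+)")
ASAN_ACCESS_RE = re.compile(r"caused by a (?P<access>READ|WRITE) memory access")
ASAN_TOP_RE = re.compile(
    r"^\s*#0 0x[0-9a-fA-F]+ in (?P<func>\S+) (?P<file>[^\s:]+):(?P<line>\d+)", re.M)

NEAR_NULL_LIMIT = 0x1000  # assumption: the first 4 KiB page is never mapped


def parse_ice(text):
    """Extract file, function and line from a JerryScript assertion message."""
    m = ICE_RE.search(text)
    if m is None:
        return None
    return {"kind": "assert", "func": m["func"], "file": m["file"],
            "line": int(m["line"]), "detail": m["expr"]}


def parse_asan(text):
    """Extract the fault kind, address class and top frame from an ASan report."""
    err, top = ASAN_ERR_RE.search(text), ASAN_TOP_RE.search(text)
    if err is None or top is None:
        return None
    access = ASAN_ACCESS_RE.search(text)
    return {"kind": err["kind"], "func": top["func"], "file": top["file"],
            "line": int(top["line"]),
            "access": access["access"] if access else "UNKNOWN",
            "near_null": int(err["addr"], 16) < NEAR_NULL_LIMIT}


def same_bucket(a, b, max_line_gap=8):
    """Group two crash records that fault in the same function within a few lines."""
    return ((a["file"], a["func"]) == (b["file"], b["func"])
            and abs(a["line"] - b["line"]) <= max_line_gap)
```
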